Photo - (From left) David Rajoo, Senior Technical Consultant, Symantec Malaysia; Nigel Tan, Director of Systems Engineering, Symantec Malaysia.
According to Symantec Malaysia's latest Internet Security Threat report, there has been a 42 percent surge during 2012 on targeted attacks globally including a threefold increase in attacks on small businesses as well as an increase in cyber espionage.
Symantec Malaysia director of systems engineering Nigel Tan said the company's Internet Security Threat Report, Volume 18 (ISTR) showed the targeted cyber espionage attacks were affecting the manufacturing sector as well as small businesses. "[Which] are the target of 31 percent of these attacks. Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via 'watering hole' techniques. In addition, consumers remain vulnerable to ransomware and mobile threats, particularly on the Android platform."
"The sophistication of attacks coupled with today's IT complexities, such as virtualisation, mobility and cloud, require organisations in Malaysia and globally to remain proactive and use 'defence in depth' security measures to stay ahead of attacks," said Tan. ""Cyber criminals aren't slowing down; they continue to devise new ways to steal information from organisations of all sizes."
"While Malaysia is ranked 35th among countries globally on Internet threat activities, organisations should continue to take proactive initiatives to secure and manage critical information from a variety of security risks today," he said. "The top growing trends that organisations in Malaysia should watch out for in today's threat landscape includes targeted attacks in the manufacturing and small businesses sectors, mobile malware, and phishing threats."
According to the study, Tan, said: "Cyber criminals are targeting customer information, financial details and intellectual property. They have more ways than ever to spy on us, through computers, mobile devices and social networks. Any information they glean, from banking details to email addresses of associates, can be used in stealing identities and crafting further sophisticated attacks."
The Internet Security Threat Report is based on data from Symantec's Global Intelligence Network, which Symantec analysts use to identify, analyse, and provide commentary on emerging trends in attacks, malicious code activity, phishing, and spam.
Watering hole attacks
"One of the most significant innovations in targeted attacks is the emergence of watering hole attacks," said Symantec Malaysia senior technical consultant, David Rajoo. "The attackers compromise the security of a website that an intended target is likely to visit and once the target visits the website, their computer becomes infected with malware."
Rajoo said ISTR 18's findings also point out the vulnerability of small business, which offer the least resistance to attacks.
"Targeted attacks are growing the most among businesses with fewer than 250 employees," he said. "Small businesses globally are now the target of 31 percent of all attacks, a threefold increase from 2011."
"While small businesses may feel they are immune to targeted attacks, cyber criminals are attracted by these organisations' bank account information, customer data and intellectual property," he added. "Attackers hone in on small businesses that may often lack adequate security practices and infrastructure. Web-based attacks globally increased by 30 percent in 2012, many of which originated from the compromised websites of small businesses. These websites were then used in massive cyber attacks as well as 'watering hole' attacks."
In a watering hole attack, the attacker compromises a website, such as a blog or small business website, which is known to be frequently visited by the victim of interest. When the victim later visits the compromised website, a targeted attack payload is silently installed on their computer. The Elderwood Gang pioneered this class of attack; and, in 2012, successfully infected 500 organisations in a single day. In these scenarios, the attacker leverages the weak security of one business to circumvent the potentially stronger security of another business.
Shift from government to manufacturing targets
Symantec's Tan said the report indicated a shift of targets from government to manufacturing targets. "Manufacturing has moved to the top of the list of industries targeted for attacks in 2012. Symantec believes this is attributed to an increase in attacks targeting the supply chain - cyber criminals find these contractors and subcontractors susceptible to attacks and they are often in possession of valuable intellectual property."
"Often by going after manufacturing companies in the supply chain, attackers gain access to sensitive information of a larger company," he said. "In addition, executives are no longer the leading targets of choice. In 2012, the most commonly targeted victims of these types of attacks across all industries were knowledge workers (27 percent) with access to intellectual property as well as those in sales (24 percent).
The report also showed that mobile malware increased during 2012 by 58 percent, and 32 percent of all mobile threats were attempts to steal information, such as e-mail addresses and phone numbers.
However, these increases cannot necessarily be attributed to the 30 percent increase in mobile vulnerabilities, said Tan. "While Apple's iOS had the most documented vulnerabilities, it only had one threat discovered during the same period. Android, by contrast, had fewer vulnerabilities but more threats than any other mobile operating system. Android's market share, its open platform and the multiple distribution methods available to distribute malicious apps, make it the go-to platform for attackers."
Another finding is that 61 percent of malicious websites were compromised legitimate websites with business, technology and shopping websites in the top five types that were hosting infections.
Tan said Symantec attributed this to unpatched vulnerabilities on legitimate websites. "Ransomware, a particularly vicious attack method, is now emerging as the malware of choice because of its high profitability for attackers. In this scenario, attackers use poisoned websites to infect unsuspecting users and lock their machines, demanding a ransom in order to regain access. Another growing source of infections on websites is malvertisements-this is when criminals buy advertising space on legitimate websites and use it to hide their attack code."
Sign up for CIO Asia eNewsletters.