Symantec Corporation just released its new “Internet Security Threat Report,” which provides an overview and analysis of the year's global threat activity. According to the report, the number of cyber attacks increased significantly in 2011. Mobile platforms, particularly Android, and social networks were a focus of attackers. Social networks are gaining popularity even among enterprises, and because of their viral nature and suitability for social engineering, malware can spread through them very quickly.
Symantec reported that it blocked 5.5 billion malicious attacks in 2011, 81% more than in 2010. Attackers' focus is clearly shifting from traditional PCs to mobile devices (tablets and smartphones) and to data held in social networks and in the cloud.
The scary part is that these threats are not limited to spreading viruses: they also collect sensitive PII and enterprise data and track users, their activities and their keystrokes. Almost one in four mobile threats identified in the report was designed to make money by sending premium-rate text messages from infected phones. Symantec noted that cyber criminals are no longer targeting only large businesses and high-profile executives. The report identified a sharp jump in data breaches from 2010 to 2011, with 1.1 million identities stolen through those breaches. The most common cause of data leakage was the loss of smartphones, tablets, USB keys or backup devices, which together exposed 18.5 million identities in 2011.
Blackhat hackers are targeting enterprises with a class of attacks known as Advanced Persistent Threats (APTs). APTs are the modern equivalent of espionage and have become a leading cause of today’s growing cyber security risk. Last year, Trend Micro identified a major APT campaign called Lurid, through which attackers successfully infiltrated the IT systems of more than 47 organizations in 61 countries. Public sector government agencies are clearly among the targets, with attackers attempting to steal sensitive documents, spreadsheets and similar files.
There are many reasons why agency computers are vulnerable to APTs and other malware. One of the primary reasons is that departments have failed to implement proper security controls. On top of that, agencies do not always adequately train the personnel responsible for system security, regularly monitor safeguards, fix vulnerabilities, or resolve incidents in a timely fashion.
I recommend that agencies evaluate and deploy defense-in-depth strategies including continuous monitoring, endpoint encryption, data leakage prevention, and network access control. It is important to strictly enforce password, telework, removable media and other administrative policies. Last but not least, educating end users about newly emerging threats and vulnerabilities will go a long way toward keeping your networks and data centers secure. Resilient security cannot be achieved through technology alone.
Let me hear your thoughts. To learn more about federal technology trends, you can follow me on Twitter at @GTSI_Architect.