Report: Cyber Criminals Targeted Enterprise, Social Networks, Mobile In 2010

Cybercriminals are getting smarter, aiming at specific targets and doing it more frequently, according to one recent report.

The report, from Symantec says there were 286 million new threats last year, and a 93 percent increase in web-based attacks overall. More than that, many of the threats were what Symantec calls targeted attacks. These attacks, usually aimed at businesses, come from cybercriminals with existing knowledge about their victims. The attackers looked at key people within each corporation. From there, they used social engineering attacks -- essentially trickery -- to gain entry into the networks.

The report points to Hydraq and Stuxnet as two of the more prominent targeted attacks in 2010. The attacks use zero-day vulnerabilities to break into computer systems. Stuxnet used four alone.

Stuxnet and Hydraq, two of the most visible cyber-events of 2010, represented true incidents of cyberwarfare and have fundamentally changed the threat landscape, said Stephen Trilling, senior vice president of Symantec Security Technology and Response. The nature of the threats has expanded from targeting individual bank accounts to targeting the information and physical infrastructure of nation states.

It wasn't just enterprise as a whole. Individual people within those corporations were getting hurt by targeted attacks as well. According to Symantec, data breaches were responsible for an average of more than 260,000 identities exposed per incident in 2010, four times that of any other cause.

Symantec also looked at the growing threat lying in social networks. Shortened URL sites, such as bit.ly and tiny.cc, are popular targets for cybcercriminals. Last year, millions of these shortened links on social networking sites were posted to trick victims as part of phishing and malware attacks.

Mobile platforms were another popular platform targeted by cyber criminals. Most attacks came under the guise of Trojan Horse programs that pose as legitimate applications. This type of threat was recently making the rounds in the Android universe.

There are a lot of vulnerabilities in mobile, which make it an easy target Symantec says. All told, there were 163 vulnerabilities during 2010 that could be used by attackers to gain partial or complete control over devices running popular mobile platforms.