Report: Online Attacks, Crimeware Skyrocketed in 2010

MOUNTAIN VIEW, Calif. — Online attacks have skyrocketed in 2010 and hackers are getting more sophisticated.

According to the Internet Security Threat Report from Symantec, the daily volume of web-based attacks increased by 93 percent from 2009 to 2010 and 49 percent of malicious sites were found through searches for porn.

Cybercriminals' crimeware attack toolkits accounted for two-thirds of all web-based threats with the Phoenix toolkit identified as the hackers’ favorite accounting for 39 percent of attacks.

Symantec reported that data breaches have caused an average of 262,767 identities exposed per incident. Lost records accounted for 68,418 breaches, theft or loss 67,528, insecure policies 30,572 and fraud 6,353.

And cyber criminals are getting smarter.  The report said that from 2009 to 2010 the number of attacks that used executable files and Windows auto-run to circulate and launch attacks increased by 74 percent.

Using file-sharing protocols to spread attacks increased by 47 percent, while remote virus-like crimeware that exploits weaknesses jumped by 24 percent.

The report also said that browsers and applications like Adobe Flash and Reader — that were hit hard in 2010 — have become increasingly vulnerable.

Gerry Egan, a director with Symantec Security Response said in an InformationWeek report, "As the operating system and browser guys have gotten better about patching their software, the weakness now is often in the plug-ins that sit inside the browser.”

Egan also said that eliminating viruses also got tougher. "Once malware gets inside an organization, there's evidence that it's more likely to use some type of toolkit technology to cloak itself.”

Even more troubling in 2010 was the increase in attacks against social networks, most notably where users are directed to a website embedded with a malicious code that attacks any vulnerabilities on the user's computer.

But Symantec said despite the sophistication of toolkits, many social networking attacks used simple techniques that targeted shortened URLs to redirect users to an attack site.

The report also noted that despite the bogus destination of some of these URLs, 73 percent of the links the company studied were clicked at least 11 times and 33 percent were clicked up to 50 times proving that most social networking users don’t pay attention to what they’re clicking.