Symantec warns of 286 million new threats in 2010

There were 286 million new threats in 2010, with web-based attacks up 93 per cent thanks to attack toolkits and the spread of malicious links on social networking sites, according to the latest Symantec Internet Security Threat report.

The security firm found threats becoming more sophisticated as cyber criminals seek to overcome the growing internet security saviness of many web users today.

To this end, there have been large numbers of targeted attacks launched at SMBs seeking to harvest valuable customer data or intellectual property, the firm said.

Zero-day vulnerabilities and rootkits are also being spotted in greater numbers as criminals look to bypass current defences and remain hidden. For example, 14 new zero-day vulnerabilities were discovered last year, and a total of 6,253 new vulnerabilities, more than in any previous reporting period.

As spotted by HP in its report released on Monday, attack toolkits are increasingly to blame for the growth in threats, according to Symantec distinguished engineer Sian John.

"Around two-thirds of the web attacks were down to attack kits," she said. "Interestingly, as certain exploits cease to be effective they move onto new ones."

At the moment, Java vulnerabilities are being targeted in this way, but the attackers could just as easily move to another platform once these vulnerabilities are patched, she added.

The final big area of risk highlighted by the report, aside from social networks where 65 per cent of malicious links spotted were of the shortened variety, is the mobile space.

"As people use smartphones to do more they are becoming an increasing target of attack, mostly as Trojans posing as legitimate applications," said John. "Because we have these unvetted third-party app stores, they are getting downloaded."

Such Trojans can steal personal information from the phone or even turn it into part of a botnet, said John, posing an increasing risk to organisations where employees are using personal devices in a corporate environment.

"There is a lot of pressure to allow their use at work so it comes down to saying: 'If you bring them in we have the right to manage and control the device,'" said John.

"However, the biggest risk is still leaving it in the back of a taxi. If you put sensitive corporate data on those devices a lot of protection needs to go on it."