Targeted attacks, social networking threats, mobile device security and the use of attack toolkits are top trends...
to watch in 2011, says IT management firm Symantec.
Stuxnet teaches future attackers that the easiest vulnerability to exploit is trust in colleagues because it would not have worked without someone being given trusted access with a USB key, the report says.
The important thing to note from 2010 is that targeted attacks were not confined to large multinational companies and government agencies, but included a surprising number of smaller organisations, says Sian John, distinguished engineer at Symantec.
Computer Weekly Special Report on Symantec . Click to download (requires registration)
Users install their own software
Pressure to reduce helpdesk calls has led to more companies allowing users to install software on their PCs, says John, but targeted attacks show the need for technologies to enable organisations to manage and control this centrally.
Attacks are also becoming increasingly stealthy, with many targeted attacks using zero-day vulnerabilities to break into computers systems, she says.
Social media vulnerabilities
Social media is another key area businesses need to manage through clear policies and control technologies, says Sian John, as an increasing number of employees turn to these communication channels of both professional and personal use.
One of the main attack techniques involved the use of shortened URLs in 2010, when attackers used millions of these links to trick victims into phishing and malware attacks, says the report.
"These attacks exploit the implied web of trust around social media, with shortened URLs accounting for 65% of malicious links in news feeds in 2010," said John.
Mobile platforms draw hackers' attention
The major mobile platforms are becoming widespread enough to get the attention of attackers. Symantec expects attacks on these platforms to increase, with the number of mobile operating system vulnerabilities increasing 42% in 2010.
Attack toolkits, that can be used by novices and experts alike to launch widespread attacks on networks, continued to be a basic tool for cybercriminals in 2010, and Symantec expects this trend to continue, says John.
These kits increasingly target vulnerabilities in the popular Java platform, accounting for 17% of vulnerabilities affecting browser plug-ins in 2010.
Inevitably, some of the more than 6,000 vulnerabilities discovered in 2010 will find their way into attack kits sold in the underground economy, says the report.