Targeted attacks such as Hydraq and Stuxnet topped a growing list of cyber threats, according to Symantec’s global internet security threat report released today. But in this part of the world its social networking and growth of mobile devices that is of concern to IT departments.
“There’s not a meeting I go to where two topics don’t come up. These are just consistent in every conversation every day with the CIO, says Craig Scoggie, Symantec vice president for the Pacific region.
“If I said there was one major enterprise and consumer consistent theme that came out clear for all organisations it was social networking risks.”
According to the report a popular attack technique is to use shortened URLs as a vehicle for malware. “The attacker logs into a compromised social networking account and posts a shortened link to a malicious website in the victim’s status area. The social networking site then automatically distributes the link to news feeds of the victim’s friends, spreading the link to potentially hundreds or thousands of victims in minutes,” the report reads.
In 2010 Symantec observed that 65 percent of malicous links were in news feeds and of these 73 percent were clicked 11 times or more, with 33 percent receiving between 11 and 50 clicks.
Scroggie says that mobile devices – in particular the tablet devices – are the new focus for security concerns. “Last year mobile devices weren’t a big challenge, CPU and battery life didn’t have the capacity. But now with the new tablets they do have the capacity, they can support multiple applications,” he says.
Scroggie highlights the area of mobile apps, in particular those downloaded from the Android app store which says aren’t checked first for malware. “It’s not until somebody finds something malicious that they’ll have it removed,” he says.
“What I can tell you is in the last three months there has been a very strong desire to understand how to protect mobile devices, support them in thework place and secure them adequately by using multifactor identification and encryption.”