MOUNTAIN VIEW, Calif. (4/18/11)--Cyber threats have skyrocketed in volume and sophistication, with more than 286 million new threats last year and several new megatrends, including targeted attacks, social networking threats, mobile device security issues and the proliferation of attack toolkits--according to a new security study. Credit unions and their members can be impacted by cyber threats in any of these areas, but with the trend in credit unions to offer more social networking interaction with members and online banking for mobile devices, credit unions will need to be even more vigilant about their keeping their members' data secure and educating members about these security threats. Symantec Corp.'s Internet Security Threat Report, Volume 16 highlights what the security management solutions company terms as "dramatic increases in both the frequency and sophistication of targeted attacks on enterprises, the continued growth of social networking sites as an attack distribution platform; and a change in attackers' infection tactics, increasingly targeting vulnerabilities in Java to break into traditional computer systems." The report also explores how attackers are exhibiting a notable shift in focus toward mobile devices. Targeted attacks in 2010 increased against a diverse collection of corporations and government agencies, and a surprising number of smaller companies, said Symanteck. Often, the cyber crooks researched key victims in each corporation and used tailored social engineering attacks to gain entry. Many attacks--because they were targeted--succeeded--even though the organization had basic security measures in place. Many obtained personal information that could be used in an identity theft. The report noted that hacking breaches in 2010 resulted in more than 260,000 identities exposed per breach. Social network platforms attracted a large volume of malicious software or malware. One technique cyber crooks use on social networking sites involves shortened addresses of websites or URLs. The abbreviated URLs make it more efficient to share a link to a complicated web address in an e-mail or on a web page. But they also make it easier to reel in data theft victims. In 2010, attackers posted millions of these shortened links on social networking sites to trick victims in phishing and malware attacks. Symantec said the abbreviated URLs "dramatically" increased the rate of successful infection. The report also found that attackers overwhelming leveraged the news-feed capabilities on popular social networking sites to mass-distribute attacks. Last year, 65% of malicious links in news feeds observed by Symantec used shortened URLs. Of those, 73% were clicked 11 times or more, with 33% receiving between 11 and 50 clicks. Another trend is an increase in attack toolkits--software programs used by novices and experts to launch widespread attacks on networked computers. These are increasingly targeting weakenesses in the Java system, which accounted for 17% of all vulnerabilities affecting browser plug-ins last year. The number of measured Web-based attacks per day rose by 93% last year. Two thirds of the activity observed by Symantec was directly related to attack kits. The popularity of mobile platforms has grabbed attackers' attention, and Symantec said it expects attacks on these platforms to rise. In 2010, most attacks against mobile devices took the form of Trojan Horse programs masquerading as legitimate applications or "apps." Attackers can bypass new security architectures by attacking inherent vulnerabilities in the mobile platforms' implementation. Symantec said these are commonplace. It documented 163 vulnerabilities last year that attackers could use to gain partial or complete control over devices running on mobile platforms, and these infected hundreds of thousands of devices. Other findings:
* 93% hike in Web-based attacks; * 260,000 identities exposed per breach; * 14 new zero-day vulnerabilities; * 6,253 new vulnerabilities in 2010; * 42% more mobile vulnerabilities; * One botnet with more than a million spambots; * 74% of spam related to pharmaceuticals; and * Seven cents to $100 per credit card--the price for credit card data on underground forums. Factors dictating price include the rarity of the card and discounts offered for bulk purchases.