Symantec Global Internet Security Threat Report
Overall, every category of threats to confidential information increased in 2009. This is considered to be due to the continuing increased professionalization of the threat landscape. The creation of toolkits designed specifically to create malicious packages is making it relatively easy for even neophyte attackers to create threats with increasing complexity and sophistication over time.
Organizations can take several steps to limit the exposure of confidential information by successful intrusions. Data loss prevention solutions can block sensitive data from being stored on endpoint computers. Encrypting sensitive data that is stored in databases will limit an attacker’s ability to view and/or use the data. However, this step may require sufficient resources to be made available since adequately managing encryption keys and ensuring that archived data is actually encrypted can be costly. Furthermore, encrypting stored data will not protect against man-in-the-middle attacks that intercept data before it is encrypted.165 As a result, data should always be transmitted through secure channels such as SSH, SSL, and IPsec.166
Worms and viruses use various means to transfer themselves, or propagate, from one computer to another. These means are collectively referred to as propagation mechanisms. Propagation mechanisms can include a number of different vectors, such as instant messaging (IM), Simple Mail Transfer Protocol (SMTP), Common Internet File System (CIFS), P2P, and remotely exploitable vulnerabilities.167 Some malicious code may even use other malicious code as a propagation vector by locating a computer that has been compromised through a back door server and using it to upload and install itself. The samples discussed here are assessed according to the percentage of potential infections.
In 2009, 72 percent of potential malicious code infections propagated as file-sharing executables, up from 66 percent in 2008 (table 18).168 File-sharing executables are the propagation mechanisms employed by viruses and some worms to copy themselves onto removable media. The continuing resurgence in this vector over the past few years coincides with the increased use of removable drives and other portable devices. It is also an easy vector to exploit because old malicious code developed for floppy disks can be easily modified for current removable media devices. Downadup.B was the most prolific threat globally in 2009 that employed this propagation method, potentially accounting for this increase.
To limit the propagation of threats through removable drives, administrators should ensure that all such devices are scanned for viruses when they are connected to a computer. If removable drives are not needed within the enterprise, endpoint security and policies can prevent computers from recognizing these drives when they are attached. Additionally, best practices policies should be implemented to mitigate the dangers of attaching unauthorized devices to computers within the enterprise.
165 A “man-in-the-middle attack” is an attack in which a third party intercepts communications between two computers. The “man in the middle” captures the data, but still relays it to the intended destination to avoid detection.
166 Secure Shell (SSH) is a network protocol that allows data to be exchanged using a secure channel between two networked devices; Secure Sockets Layer (SSL) is a cryptographic protocol that provides security for communications over networks such as the Internet; Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream.
167 CIFS is a file sharing protocol that allows files and other resources on a computer to be shared with other computers across the Internet. One or more directories on a computer can be shared to allow other computers to access the files within.
168 Because malicious code samples often use more than one mechanism to propagate, cumulative percentages may exceed 100 percent.