Symantec Global Internet Security Threat Report
India also experienced a surge in malicious activity in 2009, moving from 11th for overall malicious activity in 2008 to fifth in this period. In 2009, India also accounted for 15 percent of all malicious activity in the Asia-Pacific/Japan (APJ) region, an increase from 10 percent in 2008. For specific categories of measurement in the APJ region, India increased rank in malicious code, spam zombies and phishing hosts from 2008. Its high ranking in spam zombies also contributed to India being the third highest country of spam origin globally. Malicious activity tends to increase in countries experiencing rapid growth in broadband infrastructure and connectivity, and the level of malicious activity occurring in India has been increasing steadily over several reporting periods as its broadband infrastructure and user base grow.⁵
Targeted attacks focus on enterprises
Targeted attacks using advanced persistent threats (APT) that occurred in 2009 made headlines in early 2010.⁶ Most notable of these was the Hydraq Trojan (a.k.a., Aurora).⁷ In January 2010, reports emerged that dozens of large companies had been compromised by attackers using this Trojan.⁸ While these attacks were not novel in approach, they highlighted the methods by which large enterprises could be compromised.
Typically, this type of attack begins with some reconnaissance on the part of attackers. This can include researching publicly available information about the company and its employees, such as from social networking sites. This information is then used to create specifically crafted phishing email messages, often referred to as spear phishing, that target the company or even specific staff members.⁹ These email messages often contain attachments that exploit vulnerabilities in client-side applications, or links to websites that exploit vulnerabilities in Web browsers or browser plug-ins. A successful attack could give the attacker access to the enterprise’s network.
In the case of the Hydraq attack, a previously unknown vulnerability in Microsoft® Internet Explorer® and a patched vulnerability in Adobe® Reader® and Adobe Flash® Player are exploited to install the Trojan.¹⁰ Once the Trojan is installed, it lets attackers perform various actions on the compromised computer, including giving them full remote access. Typically, once they have established access within the enterprise, attackers will use the foothold that they have established to attempt to connect to other computers and servers and compromise them as well. They can do this by stealing credentials on the local computer or capturing data by installing a keystroke logger.
Usually, when this type of attack is performed against individuals or by less sophisticated attackers, the attack is used to gather all the information immediately available and move on to the next target. However, APT attacks are designed to remain undetected in order to gather information over prolonged periods. This type of attack has been observed in other large-scale data breaches that caused large numbers of identities to be exposed (figure 1).¹¹
⁵ http://point-topic.com/dslanalysis.php and/or http://www.indiabroadband.net/india-broadband-telecom-news/11682-india-register-500-growth-broadband-services-within-5-years.html
⁶ An advanced persistent threat (APT) is usually a sophisticated threat that hides its presence to remain installed and undetected on a computer.
⁷ http://www.symantec.com/security_response/writeup.jsp?docid=2010-011114-1830-99
⁸ http://www.symantec.com/connect/blogs/hydraq-attack-mythical-proportions
⁹ Spear phishing is a targeted form of phishing where the apparent source of the email is likely to be an individual within the recipients’ company and generally someone in a position of authority. This is discussed in greater detail in “Phishing activity by sector,” further down in the report.
¹⁰ http://www.securityfocus.com/bid/37815
¹¹ http://news.bbc.co.uk/2/hi/americas/7970471.stm