Symantec Corp revealed the findings of its Internet Security
Threat Report, Volume 16, which shows a massive threat volume of
more than 286 million new threats last year. The report highlights
dramatic increases in both the frequency and sophistication of
targeted attacks on enterprises; the continued growth of
social networking sites as an attack distribution platform; and a
change in attackers’ infection tactics. In
addition, it explores how attackers are exhibiting a notable shift
in focus toward mobile devices.
“The growing prevalence and capabilities of the most
visible cyber-events of 2010, Stuxnet and Hydraq, have turned the
focus on protecting businesses and critical infrastructure,” said
Shantanu Ghosh, vice president, India Product Operations, Symantec.
“As India Inc. rapidly takes to mobile computing and social
networking it needs to be watchful about the vulnerabilities and
threats these platforms present.”
The report highlighted several points prevalent in India:
- India was home to the third-highest number of Stuxnet infections,
after Iran and Indonesia. Stuxnet targeted sensitive information by
exploiting a zero-day vulnerability in order to infect machines
through removable drives. The high infection statistics of
Stuxnet in the country can be attributed to the large number of
computer users in the country relying on removable media for
copying data. During the reporting period, Symantec observed that
the majority of malware samples in India were spread through
removable drives. Indicative of the state of enterprise security in
India, ISTR XVI finds the presence of older malware like Downadup.B
in the country. This points to the lack of basic security software
and lax signature updates in Indian enterprises.
- India now ranks as the seventh largest market worldwide for
social networking and the total Indian social networking audience
grew 43 percent in the past year. The popularity of social networks
is directly proportional to the volume of malware they attract. One
of the primary attack techniques used on social networking sites
involved the use of shortened URLs. Last year, attackers posted
millions of these shortened links on social networking sites to
trick victims into both phishing and malware attacks, dramatically
increasing the rate of successful infection.
- The report found that attackers overwhelmingly leveraged the
news-feed capabilities provided by popular social networking sites
to mass-distribute attacks. In a typical scenario, the
attacker logs into a compromised social networking account and
posts a shortened link to a malicious website in the victim’s
status area. The social networking site then automatically
distributes the link to news feeds of the victim’s friends,
spreading the link to potentially hundreds or thousands of victims
in minutes.
- A growing number of Indian Internet users turning to instant
messaging (IM) applications has opened the door for malware that
spreads through IM applications and a large number of users are
victims of attacks using this vector. W32.Imaut and its
family are highly prevalent in the Indian region. This malware
sends malicious links that are embedded in messages sent to users
found in IM contact lists.
Threat Landscape - Facts and Figures:
- 35 per cent of spam in APJ originated in India, and 32 per cent
of APJ spam zombies were attributed to India
- 11 per cent of phishing hosts in APJ were located in India
- 286 million new threats in 2010
- 93 percent increase in Web-based attacks. The use of shortened
URLs also impacted this increase
- 260,000 identities exposed per breach – This is the
average number of identities exposed per breach in data breaches
caused by hacking during 2010, nearly quadruple that of any other
cause
- 14 new zero-day vulnerabilities – Zero-day
vulnerabilities played a key role in targeted attacks including
Hydraq and Stuxnet. Stuxnet alone used four different
zero-day vulnerabilities
- 6,253 new vulnerabilities – more in 2010 than in any previous
reporting period
- 42 percent more mobile vulnerabilities – The number
of reported new mobile operating system vulnerabilities increased,
from 115 in 2009 to 163 in 2010
- One botnet with more than a million spambots – Rustock,
the largest botnet observed in 2010, had more than one million bots
under its control at one point during the year. Other botnets
such as Grum and Cutwail followed with many hundreds of thousands
of bots each
- 74 percent of spam related to pharmaceuticals – Nearly
three quarters of all spam in 2010 was related to pharmaceutical
products.
Disclaimer Note: "InformationWeek India and UBM India do not endorse, and have not verified the views and claims expressed in this vendor Press Release."