The Stuxnet attack demonstrated what could be achieved with malware, but similar tactics are not expected to become the norm.
Talking to SC Magazine, Sian John, security strategist at Symantec, said that Stuxnet-style attacks are not common but the capability of the attack showed how advanced it could be. She said: “A lot of malware gets on to the system to get deep down and we see that trend continue with more rootkits used in targeted software.”
The Symantec internet security threat report 2011 said that targeted attacks, while not new, gained notoriety last year with the Hydraq and Stuxnet high-profile attacks against major organisations. It said that Hydraq was almost forgotten in the wake of the Stuxnet activity, as its intentions were old fashioned in comparison, as what made it stand out was that it attempted to steal intellectual property from major corporations.
The report said: “Targeted attacks did not start in 2010 and will not end there. In addition, while Hydraq was quickly forgotten and in time Stuxnet may be forgotten as well, their influence will be felt in malware attacks to come. Stuxnet and Hydraq teach future attackers that the easiest vulnerability to exploit is our trust of friends and colleagues.
“Stuxnet could not have breached its target without someone being given trusted access with a USB key. Meanwhile, Hydraq would not have been successful without convincing users that the links and attachments they received in an email were from a trusted source.”
Targeted attacks were one of the five main factors of 2010, according to the report. John said that these often require investment and development but often deliver a substantial payoff afterwards. “With a phishing campaign of 100 million messages you may get a two per cent return but with a targeted attack you target what you are after, with two different targets there are bigger returns,” John said.
The report also followed 2011 predictions that mobile malware is expected to rise. Although there have been no major infiltration stories regarding mobile platforms to date, John did point out that there were malicious Android applications removed last month. The report claims that all types of attacks are moving to mobile devices and are currently limited only by attackers getting a return on their investment.
John said: “Mobile malware is still not massive but we are seeing applications with Trojans and we expect a big jump so it is a case of ‘watch this space'. With mobile malware, at the moment the biggest problem is management and the control of information.”