Symantec report focuses on threat of targeted attacks

In the world of security, targeted attacks should be a real concern--and extremely worrisome--to organizations around the world, Symantec said in a new quarterly report on attacks on critical infrastructure.

"The customization of targeted attacks can make them more dangerous than non-targeted attacks because they are tailored explicitly to affect a target group," Symantec wrote in its quarterly report (PDF). The company said that targeted attacks are currently being used to take data from companies, steal information for financial gain, or to simply cause "mischief."

Targeted attacks have been gathering some notoriety over the past couple years, mainly because of the Hydraq Trojan and Stuxnet, which the Symantec report focused on.

The Hydraq Trojan, which was first discovered in January 2010, attempted to gain access to corporate networks through e-mail attachments or as a download through compromised Web sites. After the Trojan was executed, attackers were able to access a corporate computer through a back door to modify files or steal sensitive information. The threat eventually subsided in February 2010 as companies became aware of the issue.

Stuxnet, on the other hand, is far more widespread. The threat, which became well-known after targeting Iran's nuclear program, was estimated to have over 100,000 hosts through September, Symantec told CNET in a story published today. Almost 60 percent of those hosts are in Iran.

Symantec's Ralph Langner told CNET that he believes that the focus of the targeted attack has always been intended to "destroy centrifuges but also to lower the output of enriched uranium" in Iran.

But Stuxnet can do more than target nuclear programs. The payload is capable of disrupting control systems used at chemical facilities, power plants, and other vastly important facilities.

Symantec's quarterly report specifically pointed to Stuxnet as a prime example that targeted attacks on control systems for important machinery and equipment, including "power generation and distribution"--known as supervisory control and data acquisition (SCADA)--can often be "politically motivated or state-sponsored." The security firm was able to document 10 vulnerabilities on SCADA targets during the fourth quarter, and a total of 15 SCADA vulnerabilities on the year. Symantec pointed out that the number of reported vulnerabilities is "typically very small" because it's a niche in security research.

Protecting against targeted attacks is an important step in limiting issues with SCADA systems, Symantec said. The security firm recommends that companies eliminate the ability for "SCADA protocols and devices" to access the Internet. If Internet connectivity is necessary, however, Symantec recommends that companies "limit access" to cut down on the possibility of trouble breaking out.