Orla Cox in the secure room of Symantec’s office in Dublin. Photograph: Kim Haughton for the Guardian
Inside the tightly controlled security area of Symantec‘s Dublin headquarters, a screen on the wall flashes up hacking hotspots as they are detected around the world. Last year the company estimated it blocked nearly 250,000 cyber-attacks. One out of every 532 websites was infected with viruses, it said, and 1.6 million instances of malware were detected.
Overall, cyber-attacks were up 42% in 2012. They range from “hacktivist” targeting of industries such as defence to the fast-growing area of “ransomware” blackmail attempts, but more than a third of attacks focused on small- to medium-size businesses employing fewer than 500 people.
Orla Cox, the senior manager of security response at Symantec’s office in north-west Dublin, said hackers – including criminal gangs, individuals and even states – regarded smaller enterprises as “stepping stones” to enable them to attack larger corporations.
In a briefing last week, Cox also said Twitter was perceived as a weak link. Last month Syrian hackers claimed responsibility for a bogus tweet from an Associated Press account that sent stock markets into temporary freefall. “The security of Twitter is not strong and Twitter is going to have to do something about that,” Cox said.
Symantec’s Dublin hub, with 800 workers including 60 in its security division, plays a key part in global computer security because in terms of timezones it lies between the company’s two other main operations, in California and Tokyo.
The Irish office was the first to detect the Stuxnet virus, which has caused severe damage to the Iranian nuclear programme in Natanz. The virus, which entered the country’s nuclear industry system via computers sold to Iran from Europe, caused centrifuges used in uranium enrichment to spin out of control. Symantec is reluctant to state its view on the origin of the highly sophisticated virus but most security analysts believe Israel was behind it.
Cox said Stuxnet was probably not the end of it. She predicted those behind the virus were probably developing a new “son of Stuxnet” in the campaign to sabotage Iranian nuclear efforts.
Ransomware has become a bigger challenge in the last 12 months, according to Symantec. The company has identified 16 cybercrime gangs using ransomware, which in the space of 18 days in 2012 alone infected 500,000 computers.
“It works by shutting down your computer with a virus and then sending out a bogus warning that a user has been looking at something illegal,” Cox said. “They tell the user they can only get the computer back running if they pay a ransom, in some cases of $100, usually by buying a moneypack voucher and then sending the code transferring the amount to the gang. If the user for instance has been browsing a porn site they are going to believe the warning and pay up.
Such scams netted the 16 gangs about $5m in 2012, she said. In many cases paying through an anonymous money transfer system did not necessarily ensure an infected computer was unlocked, the company pointed out. In some cases ransomware can capture images of the targeted user via webcam, which is displayed when a computer screen is frozen to intimidate the victim.
Cox said there were now online toolkits hackers could buy on the internet to enable them to break into bank accounts. She said hacking into the financial system and online banking theft was mainly the work of gangs from Russia, Ukraine and other former Soviet states.
Symantec also expressed concern about teenagers and young adults being targeted on Twitter, Facebook and other social networks because they were less guarded about their personal data and in particular their usernames and passwords. The company said the intersection of smartphones and social media would become an important security battleground.
Cox said Symantec believed Apple products were less prone to attack, with iPhones for instance being safer because they are “completely locked down”. However, she said Apple Macs are “not impervious” to hacking.
In the last weekend of April the Guardian also came under a cyber-attack from Syrian hackers who have targeted a series of western media organisations in an apparent effort to cause disruption and spread support for Bashar al-Assad‘s dictatorship. The Syrian Electronic Army (SEA) claimed responsibility for the Twitter-based attack, having previously also targeted the BBC, France 24 TV, and National Public Radio in the United States.
Cyber-attacks believed to emanate from North Korea have recently caused disruption to media organisations in South Korea.