Tech Shout!

Symantec Corp. has released its latest Internet Security Threat Report which reveals that the current Internet threat environment comprises mainly of increase in data theft, data leakage, and the creation of targeted, malicious code for stealing confidential information that could be used for financial gain. During this time, cyber criminals are continuing to refine their method of attacks so as to remain undetected and also to create global networks to support the ongoing growth of criminal activity.

According to Edward Lim, Country Manager, Symantec Singapore, “As cyber criminals become increasingly malicious, they continue to evolve their attack methods to become more complex and sophisticated in order to prevent detection. End users, whether consumers or enterprises, need to ensure proper security measures to prevent an attacker from gaining access to their confidential information, causing financial loss, harming valuable customers, or damaging their own reputation.”

Symantec’s Internet Security Threat report Volume XI has revealed that:

Symantec reported more than 6 million distinct bot-infected computers worldwide during the second half of 2006, representing a 29 percent increase from the previous period. However, the number of command-and-control servers used to relay commands to these bots decreased by 25 percent, indicating that bot network owners are consolidating their networks and increasing the size of their existing networks.

Trojans constituted 45 percent of the top 50 malicious code samples, representing a 23 percent increase over the first six months of 2006. This significant increase supports Symantec’s forecast from previous research, which noted that attackers appeared to be making a shift away from mass-mailing worms toward using Trojans.

Symantec documented 12 zero-day vulnerabilities during the second half of 2006, marking a significant increase from the one zero-day vulnerability documented in the first half of 2006, increasing the exposure of consumers and businesses to unknown threats.

Underground economy servers are being used by criminals and criminal organizations to sell stolen information, including government-issued identity numbers, credit cards, bank cards and personal identification numbers (PINs), user accounts, and e-mail address lists.

Theft or loss of a computer or data storage medium, such as a USB memory key, made up 54 percent of all identity theft-related data breaches.

For the first time, Symantec identified the countries with the highest amount of malicious activity originating from their networks. The United States had the highest proportion of overall malicious activity, with 31 percent; China was second, with 10 percent; and Germany was third, with 7 percent.

For the first time, Symantec tracked the trade of stolen confidential information and captured data frequently sold on underground economy servers. These servers are often used by hackers and criminal organizations to sell stolen information, including social security numbers, credit cards, personal identification numbers (PINs), and e-mail address lists. During the last six months of 2006, 51 percent of all known underground economy servers in the world were located in the United States.

Symantec observed a rise in threats to confidential information due to the increase of Trojans and bot networks enabling an attacker to gain access to a victim’s computer. Attacks that obtain sensitive data stored on an infected computer can result in significant financial loss, particularly if credit card or banking information is exposed. Threats to confidential information made up 66 percent of the top 50 malicious code reported to Symantec, an increase over the 48 percent reported in the previous period.

Over the last six months of 2006, Symantec detected a total of 166,248 unique phishing messages, an average of 904 per day, marking a 6 percent increase over the first six months of 2006. For the first time, Symantec analyzed the effects that the day of the week and seasonal events may have had on phishing attacks. Throughout 2006, Symantec detected an average of 27 percent fewer unique phishing messages on weekends than the average of 961 phishing messages on the weekdays. This trend indicates that phishing activity mirrors the business week where attackers attempt to mimic a legitimate company’s e-mail practices. However, this pattern may also indicate that phishing campaigns are short lived and most effective when victims receive and read the phishing e-mails shortly after they were distributed. Symantec observed an increase in phishing activity during major holidays and other large events, such as the FIFA World Cup, due to the fact that attackers may find it easier to craft theme specific social engineering attacks surrounding special events.