Rise in Data Theft and Targeted Attacks
Leading to Hackers’ Financial Gain
The current Internet threat environment is characterized by an increase in data
theft, data leakage, and the creation of targeted, malicious code for the purpose
of stealing confidential information that can be used for financial gain, according
to the latest Internet Security Threat Report released by Symantec Corp.
Cyber criminals continue to refine their attack methods in an attempt to remain
undetected and to create global, cooperative networks to support the ongoing
growth of criminal activity.
“Symantec’s Internet Security Threat Report gives our organization
a detailed analysis of worldwide Internet threats, helping us monitor security
risks and adjust our technology and protection processes accordingly,”
said Dan Lohrmann, chief information security officer for the state of Michigan.
“Safeguarding sensitive information and the public’s trust is essential
for our support of Michigan agencies providing law enforcement, health care,
and citizen service. The report’s comprehensive data on the global threat
landscape complements our department’s security operations.”
Symantec reported more than 6 million distinct bot-infected computers worldwide
during the second half of 2006, representing a 29 percent increase from the
previous period. However, the number of command-and-control servers used to
relay commands to these bots decreased by 25 percent, indicating that bot network
owners are consolidating their networks and increasing the size of their existing
Trojans constituted 45 percent of the top 50 malicious code samples, representing
a 23 percent increase over the first six months of 2006. This significant increase
supports Symantec’s forecast from previous research, which noted that
attackers appeared to be making a shift away from mass-mailing worms toward
The report also documented 12 zero-day vulnerabilities during the second half
of 2006, marking a significant increase from the one zero-day vulnerability
documented in the first half of 2006, increasing the exposure of consumers and
businesses to unknown threats.
Underground Economy Servers are being used by criminals and criminal organizations
to sell stolen information, including government-issued identity numbers, credit
cards, bank cards and personal identification numbers (PINs), user accounts,
and e-mail address lists.
Theft or loss of a computer or data storage medium, such as a USB memory key,
made up 54 percent of all identity theft-related data breaches.
For the first time, Symantec identified the countries with the highest amount
of malicious activity originating from their networks. The United States had
the highest proportion of overall malicious activity, with 31 percent; China
was second, with 10 percent; and Germany was third, with 7 percent.
“As cyber criminals become increasingly malicious, they continue to evolve
their attack methods to become more complex and sophisticated in order to prevent
detection,” said Arthur Wong, senior vice president, Symantec Security
Response and Managed Services. “End users, whether consumers or enterprises,
need to ensure proper security measures to prevent an attacker from gaining
access to their confidential information, causing financial loss, harming valuable
customers, or damaging their own reputation.”
For the first time, Symantec tracked the trade of stolen confidential information
and captured data frequently sold on underground economy servers. These servers
are often used by hackers and criminal organizations to sell stolen information,
including social security numbers, credit cards, personal identification numbers
(PINs), and e-mail address lists. During the last six months of 2006, 51 percent
of all known underground economy servers in the world were located in the United
States. U.S.-based credit cards with a card verification number were available
for between US $1 - $6 while an identity, including a U.S. bank account, credit
card, date of birth and government issued identification number, was available
for between US $14 - $18.
During the reporting period, Symantec observed a rise in threats to confidential
information due to the increase of Trojans and bot networks enabling an attacker
to gain access to a victim’s computer. Attacks that obtain sensitive data
stored on an infected computer can result in significant financial loss, particularly
if credit card or banking information is exposed. Threats to confidential information
made up 66 percent of the top 50 malicious code reported to Symantec, an increase
over the 48 percent reported in the previous period. Threats that could export
user data, such as user names and passwords, accounted for 62 percent of threats
to confidential information during the second half of 2006, up from 38 percent
in the first half of the year.
Home - Desktops - Laptops
- Internet - Cell
Phones - Digital Cameras
Printers - Scanners
- Contact Us -
Privacy - ContactoMagazine.com