Disclosure: This guest post is by Marc Fossi, executive editor of Symantec’s Internet Security Threat Report.


Cyber attacks and malicious activity continued to spread in 2009, and neither the economic recession nor geographic location slowed cybercriminals. Their businesses are thriving while the rest of the world suffers. Internet penetration around the world continues to increase, and as developing countries gain broadband access, cybercriminals have more markets to target.

Unfortunately, attack toolkits make cybercrime easier than ever before. These toolkits are available for purchase and even unskilled cybercriminals can use them to launch sophisticated attacks. The Symantec Internet Security Threat Report XV also cites an increase in Web-based and enterprise-targeted attacks. Hackers are no longer attention-seeking individuals.  They are criminals who use malicious tactics to steal confidential information and money from companies and the more than 360 million Internet users in the world.

The good news, however, is that even as fraud-related activities continue to grow, there are general measures businesses and end users can follow to safeguard their assets. By gaining a better understanding of the threats and following security best practices, organizations and individuals can protect data against growing risks.

Growth of cybercrime

In 2009, Symantec blocked an average of 100 potential attacks per second. Malicious code is as prevalent as ever, with more than 240 million distinct new malicious programs identified by Symantec in 2009, a 100 percent increase over those found in 2008.

Compromised identity information continues to grow. Sixty percent of all data breaches that exposed identities were the result of hacking.  This problem is not limited to a few larger enterprises. According to the Symantec State of Enterprise Security Report, 75 percent of companies surveyed experienced some sort of cyber attack during the last year.

Cybercrime is a universal problem. Attackers have evolved from simple scams to highly sophisticated campaigns targeting some of the world’s largest corporations and government entities. The scale of these attacks, and the fact that they originate from across the world, make this a truly international problem requiring the cooperation of both the private sector and world governments.

Malicious activity takes root in developing countries

Malicious activity continues to move to countries such as Brazil, Russia, India and China that now have a more robust IT and broadband infrastructure. Unfortunately, the Internet is an international medium that lacks international law enforcement procedures and cooperation, which slows efforts to fight cybercrime on a global scale.

Web-based attacks have become one of the primary mechanisms for installing malicious code on computers. They are often launched from computers other than the one the user is visiting through tactics such as a malicious advertisement. Computers hosting these attacks are more likely to affect users regardless of their location and the location of the websites they visit. According to the Symantec Internet Security Threat Report, Brazil and India both jumped into the top 10 for origin of Web-based attacks.

Underground economy thrives amid recession

Credit cards and bank accounts continued to be the most advertised items on the underground economy in 2009 with a marked increase in credit card dumps. Such dumps, which are sometimes known as cloned credit cards, showed a 150 percent increase in 2009 from 2008. That jump illustrates that although the world economy is still recovering from a recession, cybercriminals continue to flourish.

Social engineering tactics have changed to take advantage of the evolving financial landscape. More malicious messages incorporate themes such as refinancing loans, consolidating debt, reducing credit card interest rates, etc.

More enterprises targeted

Cyber attacks are not just more sophisticated, they’re also very targeted. Many of them are full-fledged campaigns that are increasingly hard to spot. These threats remain undetected in order to penetrate deeply into the corporate network. While these targeted attacks have been occurring for several years, they have been pushed to the forefront recently, with incidents such as Hydraq.

Targeted attacks use zero-day vulnerabilities and spear-phishing type attacks. Attackers usually do focused research into the company and its employees by gathering information from corporate websites, news articles, social networks and other sites. Many targeted attacks try to steal information about the organization’s customers and employees, but other information such as intellectual property and corporate strategies is also targeted.

Cybercrime requires less skill

The emergence of attack toolkits has made cybercrime available to anyone regardless of computer skills. Novices can purchase a kit and almost immediately begin deploying sophisticated and varied threats. Toolkits such as Zeus can be purchased for as little as $700. Some toolkits allow customization, resulting in many variants being created. Because an increasing number of cybercriminals are entering the space, the number of threats is increasing, and so is the number of people being affected. The increase in these Web-based attack kits means an increase in Web-based attacks in general.

Web-based attacks continue to grow

Web-based attacks are the most prevalent attacks and they continue to increase. Four out of the top five attacks in 2009 targeted client-side vulnerabilities in widely used applications such as Internet Explorer and PDF readers. PDF suspicious file downloads was the largest single threat and accounted for 49 percent of all vulnerabilities, up from 11 percent in 2008.

Web browsers are vulnerable – of the 374 vulnerabilities documented in Web browsers in 2009, 14 percent remain unpatched by the vendors.

Where do we go from here?

Although cybercriminals are becoming increasingly sophisticated, businesses and consumers can employ best practices to mitigate risk.

Enterprises should employ defense-in-depth strategies, which emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection methodology.  Such a strategy should include antivirus, firewalls, and intrusion detection among other security measures.  For example, you wouldn’t lock your front door and leave your windows unlocked. You may even use a security alarm system in addition to the locks.

Security products are available that provide these capabilities in a single integrated solution for consumers. Organizations and individuals should also make sure all of their systems are updated with the necessary security patches from the appropriate operating system vendor.

In addition, users should be cautious when browsing the Internet. It is important to log out of Web sites when a session is complete. Users should also be wary of visiting untrusted or unfamiliar sites, and they may also consider disabling scripting and active content when casually browsing the Web.

Finally, to guard against identity theft, consumers should conduct higher-risk Internet activities such as online banking or purchasing only on their own computers and not on public systems such as those in Internet cafes or libraries. Consumers should also avoid storing passwords and bank card numbers on their computers.

With cybercriminals finding it increasingly profitable to use the Internet to steal information from consumers and businesses, protection and mitigation against such attacks become both an individual and collective global priority. With a proven set of technologies in place and best practices followed, consumers and organizations can keep their information assets safe.