Symantec Report: Cybercrime on the Rise

In the past, cyber attacks were largely designed to destroy data, but today’s attacks are increasingly designed to silently steal data for profit without doing system damage that would be noticeable to a user, according to the latest Symantec Internet Security Threat Report.

Symantec released on Tuesday the ninth volume of its ongoing threat report, covering the six-month period from July 1, 2005 to Dec. 31, 2005. The report marks an increase in threats designed to facilitate cybercrime. Malicious code threats that could reveal confidential information rose from 74 percent of the top 50 malicious code samples last period to 80 percent this period.

“Cybercrime represents today’s greatest threat to consumers’ digital lifestyle and to online businesses in general,” said Arthur Wong, vice president, Symantec Security Response and Managed Security Services.

Crimeware Tools Expand Reach, Function

Cybercrime-related threats are gaining momentum through the use of what is known as crimeware, software tools built with the purpose of committing online scams and stealing information from consumers and businesses, according to Symantec.

Attackers are moving away from large, multiple purpose attacks against traditional security devices such as firewalls and routers. Instead, they are focusing their efforts on regional targets, desktops and Web applications that may allow an attacker to steal corporate, personal, financial, or confidential information; this information could then be used for additional criminal activity, the company reported.

“This is nothing new,” Basex CEO and Chief Analyst Jonathan Spira told the E-Commerce Times. “We’ve seen malware that is designed to silently steal money and personal information for several years. It’s just impacting more people. The people who are writing the malware are getting a little more clever and obviously each day the stakes are raised.”

Criminal Bots

Programs that provide attackers with unauthorized control of a computer, known as bots, also contribute to the rise in cybercrime threats. While the number of bot-infected computers is 11 percent lower than last period — with an average of 9,163 infected systems identified each day during thecurrent reporting period — bot networks are increasingly used for criminal activities such as denial of service (DoS)-based extortion attempts.

Symantec estimates that this measurement is only capturing a portion of global activity and that the actual infection numbers are likely to be much higher. On average, Symantec observed 1,402 DoS attacks per day, a 51 percent increase over the previous reporting period. Symantec speculates that this growth trend will continue as attackers leverage an increasing number of Web-based application and browser vulnerabilities.

“It’s important to note that this is actually an evolutionary trend not a revolutionary trend,” Spira explained. “Just as the proliferation of Internet access has made it easy for people to get information, share information and buy goods, it has also put increased power in the hands of otherwise lovely old ladies who are now robbing banks.”

Targeting Web Applications

In the previous report, Symantec speculated that attacks directed at Web applications would increase. During the current reporting period, 69 percent of the vulnerabilities reported to Symantec affected Web application technologies, a 15 percent increase over the previous period.

Web application technologies, which rely on a browser for their user interface, present an easier target for attackers due to their availability over commonly allowed protocols such as HTTP, the company noted.

Symantec has also seen an increase in modular malicious code, which initially possesses limited functionality but is designed to update itself with new, more damaging capabilities. Modular malicious threats often expose confidential information that can then be used in identity theft, credit card fraud, or other criminal financial activities.

During the last six months of 2005, modular malicious code accounted for 88 percent of the top 50 malicious code samples reported to Symantec, up from 77 percent last period.

“There’s a market for malware. People can buy, trade and download malware much like they buy digital music from iTunes,” Spira said. “You just have to know where to go. You have to know the secret knock.”

The China Factor

China experienced the largest increase of bot-infected computers, with 37 percent growth — 24 percentage points above the average increase — putting China behind only the U.S. in this category.

The increase is likely related to China’s rapid growth in broadband Internet connections. China also saw the largest overall increase in originating attacks; such attacks increased by 153 percent over the last period, marking 72 percentage points above the average increase. Bots may be an increasing source of this activity, Symantec said.

An Eye on Phishing

Phishing threats, which are attempts to deceive users into revealing confidential information, continued to increase during the last half of 2005 while focusing on smaller, regional targets.

During the last half of 2005, 7.92 million daily phishing attempts were identified, an increase over the 5.70 million attempts per day in the previous reporting period. Symantec expects to see an increase in the number of phishing messages and malicious code distributed through instant messaging services in the future.

Overall, Symantec documented 1,895 new software vulnerabilities, the largest total recorded number of vulnerabilities since 1998. Of these, 97 percent were considered moderately or highly severe and 79 percent were considered easy to exploit.