Enduring attack trends : ISTR XII

Volume XII of Symantec's Internet Security Threat Reportis out and shows that malicious activity over the Internet is here tostay. During the first six months of 2007, our analysis of theproportion of malicious activity in each country showed little varianceform the last reporting period. There was some change in certainspecific areas of malicious activity, but overall it seems that once amalicious Internet population is established in a country, it remainsthere.

For example, the United States saw a drop in bots, while China saw arise. The United States also saw a drop in Internet attacks, whileChina saw a rise; overall, though, the malicious activity in these twocountries didn’t really change. Thus, any change is more due to thechanging trends in malicious activity. While bots that propagatethrough vulnerabilities in network-based services seem to be on thedecline in one country, other malicious activities tend to move intothe vacuum. Because of this, it is likely that changes in the trend arejust that. It isn’t necessarily that the number of attackers is growingor shrinking, it is just that they are shifting their interests.

As with many security threats emerging, this type of trend islargely profit driven. When one type of malicious activity is not aseffective at another for generating profits, then interest wanes andthere is a shift. Currently the popular profit generating activity isidentity theft. A lot of all the old malicious activity is being benttowards facilitating identity theft. Not surprisingly, hacking played ahuge role in identity theft breaches in the first half of 2007.Although hacking wasn’t the reason for the most breaches, it did exposethe most identities by far.

The profit motive trend is likely to continue. Bot owners willlikely find more innovative ways to make money from them, and so thefavorite malicious activity will continuously change. However, as longas malicious activity can be used to make money, it will always bearound.

For more information about the threat landscape, please see Volume XII of Symantec's Internet Security Threat Report.