Symantec's latest Internet Security Threat Report, covering the last six months of 2007, reveals that hackers are using the Web more than ever before to target users. The bi-annual report draws on data gleaned from millions of Internet sensors, first-hand research, and active monitoring of hacker communications.
The findings of the report have profound ramifications for small and midsize businesses. As increasing numbers of employees participate in social networks and other Web 2.0 applications, both inside and outside of the workplace, attackers have adopted stealthier techniques to take advantage of these new technology trends. While most malicious attacks were previously carried out through compromised Web sites or by targeting network computers, hackers are now targeting home and work computers through the Web, as well as through sites that users trust, such as social networking Web sites.
The growing trend of targeting Web sites and site-specific vulnerabilities is of great concern because it allows cybercriminals to carry out multi-stage attacks. By compromising trusted sites, hackers are increasing the likelihood that malicious code will make its way onto users' computers, since users are more likely to download a file or execute code from a site they trust. In addition, by targeting trusted sites attackers can spread malware quickly through a victim's online social network.
"Avoiding the dark alleys of the Internet was sufficient advice in years past," said Stephen Trilling, vice president, Symantec Security Technology and Response, in a statement. "Today's criminal is focused on compromising legitimate Web sites to launch attacks on end-users, which underscores the importance of maintaining a strong security posture no matter where you go and what you do on the Internet."
In the last six months of 2007, Symantec observed 87,963 phishing hosts – computers that host one or more phishing Web sites. That's an increase of 167% from the first half on 2007. The report also found that 80% of the brands targeted by attackers were in the financial sector. Since the majority of phishing activity pursues financial again, this sector is an obvious focus for cybercriminals, who are after highly profitable user data such as bank account, credit card, or Social Security numbers.
Not surprisingly, the ISP sector accounted for the second highest volume of phishing attacks. ISP accounts can be very valuable targets because people often use the same username and password for multiple accounts, including email. So, by obtaining a user's ISP authentication credentials, a phisher might subsequently gain access to other accounts. Additionally, a breached ISP account allows phishers to host fraudulent Web sites using the free Web-hosting space often included in these accounts or to use the email accounts to send spam and to launch other phishing attacks.
Increasingly, malicious activity has shifted away from targeting computers. The majority of threats to confidential information are now aimed at users. For example, a keylogger program covertly installed on a computer will silently record all the keystrokes a user makes and then send that information back to cyberthieves. Symantec reports that in the last six months of 2007, 68% of the most prevalent malicious threats attempted to gather and compromise confidential information. This is consistent with the shift towards financially motivated malicious activity that Symantec has been observing over the past two years.
The report also reveals that attackers are leveraging a maturing underground economy to advertise, sell, and trade stolen information and services typically used in identity theft. This economy closely mimics the legitimate business world. For example, the price of a credit card in this underground market is determined by factors such as the location of the issuing bank. Credit cards from the European Union cost more than those from the United States due to the smaller supply of cards circulating in the European Union. Bank account credentials have become the most frequently advertised item, making up 22% of all goods and selling on the black market for as little as $10.
Symantec's latest Internet Security Threat Report shows that hackers are increasingly compromising legitimate Web sites and using them as a distribution medium to attack both home and corporate computers. This means online users can be infected simply by visiting Web sites they believe they can trust. In addition, by leveraging site-specific vulnerabilities hackers are able to launch multi-stage attacks that can propagate very quickly among users.