Malicious Code Trends

Threats to Confidential Information

Background

Some malicious code programs are designed specifically to expose confidential information that is stored on an infected computer. These threats may expose sensitive data such as system information, confidential files and documents, or logon credentials. Some malicious code threats, such as backdoors, can give a remote attacker complete control over a compromised computer.

Threats to confidential information are a particular concern because of their potential for use in criminal activities. Operators in the underground economy use these malicious threats to gain access to banking and credit card information and online credentials, and to target specific enterprises. With the widespread use of online shopping and Internet banking, compromises of this nature can result in significant financial loss, particularly if credit card information or banking details are exposed.

Within the enterprise, the exposure of confidential information can lead to significant data loss. If it involves customer-related data such as credit card information, customer confidence in the enterprise can be severely undermined. Moreover, it can violate local laws. Sensitive corporate information including financial details, business plans, and proprietary technologies could also be leaked from compromised computers.

Methodology

This metric assesses the prominence of different types of threats to confidential information in 2010. To determine this, Symantec analyzes the top 50 malicious code samples (as ranked by the volume of potential infections reported during the year). Each sample is analyzed for its ability to expose confidential information and these findings are then measured as a percentage of threats to confidential information.

Data

Figure 18. Threats to confidential information, by type
Source: Symantec Corporation


Commentary

Threats to confidential information that allow remote access: Malicious code that allows remote access accounted for 92 percent of threats to confidential information in 2010, up from 85 percent in 2009. Remote access has been the most prominent threat to confidential information for some time, likely because of the convenience and versatility it provides attackers. Remotely accessing compromised computers allows attackers to perform a wide variety of additional actions that need not be hardcoded in the malicious code that establishes the backdoor.

Threats to confidential information that export user data and log keystrokes: In 2010, 79 percent of threats to confidential information exported user data, and 76 percent were keystroke loggers, up from 77 percent and 74 percent in 2009, respectively. Both of these threats are effective means for attackers to harvest sensitive financial information, online banking or other account credentials, and other confidential information.

Growth of threats to confidential information: As observed in previous years of the Symantec Internet Security Threat Report, each category of threats to confidential information is slowly growing, a trend that continued in this reporting period. In 2010, 64 percent of potential infections by the top 50 malicious code samples were threats to confidential information, an increase from 58 percent in 2009. The primary driver behind this growth is the financial importance of these threats to attackers; the exposure of information that can be used or sold for monetary gain is an integral aspect of cybercrime that uses malicious code.