The majority of malicious activity occurring over the Internet is still being carried out through Web-based attacks, according to Symantec Corp.‘s (NASDAQ: SYMC) latest Internet Security Threat Report (ISTR).
The report, which is moving from twice-yearly to yearly because of a slowing pace of change in the threat landscape, relies on more than 240,000 sensors in over 200 countries to monitor and track attack activity, that’s collected by Symantec and other third-party data sources.
Marc Fossi, executive editor of the report for Symantec, said the latest report shows the primary driver behind malicious attacks continues to be financial gain and the underground economy. Attackers are gaining access to confidential information mostly through the use of key loggers, which amounts to 76 per cent of all threats.
“This shows that attackers want data to be collected in an automated way,” Fossi said. “Credit card numbers being sold through the underground Economy bontinues to be the number one thing advertised there, (rising) from 21 per cent in 2007 to 32 per cent in 2008.”
Financial information such as bank account credentials are the number two thing being sold through the underground economy, Fossi added, where rates were up 19 per cent in 2008.
“This is a recession-proof industry where you don’t need to make a purchase to have your credit card information stolen,” Fossi said. “As long as these (tactics) continue to work, (attackers) will continue to use them.”
Fossi also draws attention to what he calls “top bot cities”, which in Canada include Toronto, Montreal and Calgary. Because these are cities that have a very high level of broadband penetration, he said this is where most botnets occur.
“Once the attacker has all of the information they … can get from compromised computers, they can then take those compromised computers and have them download a new piece of malicious code to turn those computers into a botnet,” Fossi said. “From there, botnets can be used to house phishing sites, relay spam messages, attack additional Web servers and other end-user computers.”
Symantec’s ISTR findings reported that computer theft and loss accounted for 66 per cent of data breaches and identity theft last year. In its own security report, Microsoft recently found that lost and stolen computers and equipment make up of 50 per cent of all security breaches around the world.
Especially in a time of global economic crisis, Fossi said users should be extra cautious about their personal information and should take advantage of data loss prevention (DLP) solutions.
It’s critical for businesses, regardless of the sector they’re in, to ensure they’re implementing DLP solutions in their IT infrastructures too, said Carmi Levy, a London, Ont.-based independent technology analyst.
“The business need for DLP continues to grow and companies can’t afford to skimp out here because it’s a business critical activity,” Levy said in a previous interview. “DLP is no longer a nice-to-have (solution) because all it takes is one breach and that could be game over for the organization.”
Earlier this month, Enrique Salem, the former chief technology officer at Symantec, took over as the company’s CEO, replacing John Thompson, who retired effective April 4. Yesterday, Salem sent a letter out to Symantec’s channel community, outlining the company’s overall solutions focus and direction moving forward. You can read his letter to partners here (Microsoft Word file).