Print
Discuss
Send to friend
RSS feedsThere is a notable shift in the type of online attacks as criminals, rather than computer geeks, increasingly target internet users in order to get hold of personal details and access to bank accounts.
According to security firm Symantec these crooks are finding increasingly sophisticated ways to carry out their attacks.
In its six-monthly Internet Security Threat Report, the company said it found that instead of internet users having to fight off multi-purpose mass threats, such as self replicating worms or viruses, that are often more of a nuisance than have a serious intent, criminals are now increasingly involved. Because of this the attacks tend to be far more targeted and use social engineering tactics to fool potential victims.
They are also using different methods and not merely trying to bypass traditional security measures such as firewalls but focusing increasingly on vulnerabilities in web applications and web browsers that people use.
Couple with lax security measures and the time it can take for security firms to develop defences, this allows them access to people's PCs. Here the criminals can either hijack the PC to use as part of a botnet to launch larger attacks, or to capture the victim's personal, financial, and confidential information.
The highest percentage of bot network command-and-control servers, 47 per cent, was situated in the United States. South Korea came second with nine percent of the worldwide total and Canada with six percent had the second and third highest numbers of botnets.
The United States continues to be where the majority of attacks originate from. Symantec said 31 per cent of all attacks start in the US. China and the United Kingdom followed with seven and six per cent respectively.
Financial services was the most frequently targeted industry, followed by education and small business.
The Symantec report also assessed the time it took for attackers to compromise newly installed operating systems in standard roles such as Web Servers and desktop systems.
Of the Web servers that were tested, a Windows 2000 Server with no patches had the shortest average time before it was compromised by malware at approximately one hour and 17 minutes.
Of the desktop PCs that were tested, ones installed with Microsoft Windows XP Professional with no patches were the first to succumb to an attack after an average time of one hour and 12 seconds.
Phishing attacks are also continuing to plague internet users. Between July 1 and December 31, 2005, phishing attempts made up one in every 119 email messages. This averaged out at 7.92 million phishing attempts per day.
Symantec said this is an increase over the first six months of 2005, when one of every 125 messages processed was a phishing attempt, making up an average of 5.70 million attempts per day.
The growing sophistication of these attacks has lead to the company to develop a security service that ties together anti-virus, anti-spam, anti-spyware, a firewall, maintenance tools and what the company calls transaction security.
This last feature aims to make online banking and ecommerce safer. The company said it will protect consumers from software such as dataloggers and screen scrapers as well as stop phishing attacks by verifying banking and major ecommerce websites and blocking spoof sites.
The Genesis package is expected to be launched around September but Symantec said no prices were available yet.
All Bugs, Patches & Fixes
del.icio.us
Digg this
reddit!
