Symantec has released a research claiming that hackers all over the world are now adopting new business-like strategies to perform malicious activity.
The latest Internet Security Threat Report that was released by Symantec has claimed that cyber criminals are becoming more professional – even commercial – in the development, distribution and use of malicious code and services.
While cybercrime continues to be driven by financial gain, cyber criminals are now utilising more professional attack methods, tools and strategies to conduct malicious activity.
Symantec has detected an increase in cyber criminals leveraging sophisticated toolkits like the MPack to carry out malicious attacks. This professionally developed toolkit sold in the underground economy, allows an attacker to install malicious code on thousands of computers around the world and then monitor the success of the attack through various metrics on its online, password protected control and management console.
In addition to the MPack, phishing toolkits that allow an attacker to automatically set up phishing various websites, are also available for professional and commercial cybercrime. Hackers have also resorted to a number of multi-staged attacks which consist of an initial attack that is not intended to perform malicious activities immediately, but that is used to deploy subsequent attacks. One example of a multi-staged attack is a staged downloader that allows an attacker to change the downloadable component to any type of threat that suits the attacker’s objectives.
Senior Vice President for Symantec’s Security Response and Managed Services, Arthur Wong said, “In the last several Internet Security Threat Reports, Symantec discussed a significant shift in attackers motivated from fame to fortune. The Internet threats and malicious activity we are currently tracking demonstrate that hackers are taking this trend to the next level by making cybercrime their actual profession, and they are employing business-like practices to successfully accomplish this goal.”
Additional Key Findings:
- Credit cards were the most commonly advertised commodity on underground economy servers.
- Symantec documented 237 vulnerabilities in Web browser plug-ins. This is a significant increase over 74 in the second half of 2006, and 34 in the first half of 2006.
- Malicious code that attempted to steal account information for online games made up 5 percent of the top 50 malicious code samples by potential infection.
- Spam made up 61 percent of all monitored e-mail traffic, representing a slight increase over the last six months of 2006 when 59 percent of e-mail was classified as spam.
- Theft or loss of computer or other data-storage medium made up 46 percent of all data breaches that could lead to identity theft.