Trusted sites become primary target for hackers
The latest Symantec security report reveals that everyday trusted web sites, rather than obvious targets like banks, are now the prime target of hacking and data harvesting activities.
A global survey of IT security threats has confirmed that vulnerabilities in everyday web sites are now the main target of hacking attacks, instead of high-profile online targets, compromised applications and insecure networks.
The Internet Security Threat Report (ISTR) produced by security vendor Symantec revealed that criminals were corrupting low-profile web sites rather than banks and online payment services, so that they could reach potential victims. The number of site-specific vulnerabilities went up from just under 7,000 to over 11,000 in the last six months of 2007.
"Businesses who are dependent on websites are going to have to be very cautious on how secure they are because the sites are now becoming more and more a focus of attack," said Richard Archdeacon, senior director of Symantec Global Services.
Also in the last six months of 2007, Symantec saw 87,963 phishing hosts - computers that host one or more phishing sites. This was a massive 167 per cent increase from the first half of 2007. In nearly all geographical areas, social networks were the top sites phished.
"This means that criminals are going to sites which are most trusted," said Archdeacon. "People on these social networking sits are communicating with friends and family so these are a good area to attack and then put malware onto people's systems."
"The brand names of these sites are being used as a lever which criminals use to carry out the attacks," he added.
There was a huge increase in the amounts of malicious code. Since 2005, the total has gone up ten fold, with almost 500,000 forms of malicious code coming out in six months.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"This code is not all unique but variations on a theme," Archdeacon said, "The attackers are becoming very sophisticated and are automating and industrialising how they produce their malware code."
"They are using application packages which are being developed, and putting a lot of time and effort because it is profitable."
Archdeacon said that from the point of view of an economist, criminal's manufacturing output had gone up as a result of the success of the market.
"We're interpreting the results as meaning there will be a lot more focused attacks on companies because the weapons are there. It is very easy to produce a piece of malware which can attack a specific target," he said.
The report also revealed that there was a burgeoning underground economy, with criminal gangs modelling their activities on mainstream business practices.
This means recruiting and building up specialist employees, outsourcing elements of their businesses and even adapting their model depending on the nature of the markets.
"We have this underground hackers exchange to buy the tools and services that the hackers require," said Archdeacon.
"In that market we've seen the standard financial instruments that they are selling such as credit cards and bank accounts can be readily turned into money.
"We've seen a lot of discounting in this market, so that indicates that there has been a lot of supply."