Check out our previous article
Symantec Threat Report Documents Increasingly Sophisticated Attacks
The Symantec Internet Security Threat Report provides a six-month update of Internet threat activity. It includes analysis of network-based attacks, a review of known vulnerabilities, and highlights of malicious code. It also assesses trends in phishing and spam activity. This article provides an overview of the latest report, covering the six-month period from January 1 to June 30, 2007.
Attacks continue to evolve
Over the past several reporting periods, Symantec has observed a fundamental change in the threat landscape. Attackers have moved away from nuisance and destructive attacks and toward activity that is motivated by financial gain. Today’s attackers are increasingly sophisticated and organized, and they have begun to adopt methods that are similar to traditional software development and business practices.
In previous Internet Security Threat Reports, Symantec has also reported that global, decentralized networks of collaborative malicious activity were beginning to appear. Moreover, distinct regional threat patterns were beginning to emerge. In response to these trends, Symantec has released three new reports: the EMEA Internet Security Threat Report for Europe, the Middle East, and Africa (EMEA); the APJ Internet Security Threat Report for the Asia-Pacific/Japan (APJ) region; and the Government Internet Security Threat Report, which focuses on threats and trends that are of specific interest to organizations in the government.
Today, the threat landscape is arguably more dynamic than ever. As security measures are developed and implemented to protect the computers of end users and organizations, attackers are rapidly adapting new techniques and strategies to circumvent them. Based on the data collected during the first six months of 2007, Symantec has observed that the current security threat landscape is characterized by the following:
- Increased professionalization and commercialization of malicious activities To meet the needs of what has become a multi-billion dollar criminal industry, much malicious activity has become professionalized and commercialized over the past two years. MPack was one of the notable security threats that emerged in the first half of 2007. It is a commercially available black-market attack toolkit that can launch exploits for browser and client-side vulnerabilities against users who visit a malicious or compromised Web site. Symantec believes that MPack was professionally written and developed. The robustness of MPack suggests that it benefited from professional development. Plus, there is evidence that MPack was selling online for $1,000 .
- Threats are increasingly targeted at specific regions While there have always been attacks that are regional in nature, recent analysis indicates that attackers are currently focusing more on targets that share a common language, infrastructure, or online activity. Where earlier threat activity was predominantly global in nature, the expansion of broadband Internet into areas that have traditionally not been served by high-speed connectivity has given attackers new targets. In part, this is because new broadband users may not be aware of the precautions required to protect their computers. It is also likely because rapidly expanding Internet service providers (ISPs) tend to focus their resources on meeting growing demand at the expense of implementing adequate security measures. During the first six months of 2007, EMEA accounted for 43% of all potential infections caused by worms, while North America accounted for just 23%. This may indicate that defenses implemented by North American ISPs are successfully limiting the spread of network worms.
