Business was good for data thieves in the second half of 2006,
as they aimed their botnets and Trojan horse programs at an
increasing array of zero-day flaws and took full advantage of
misplaced or stolen USB flash drives. IT administrators should
shield their networks from those attacks and brace for fresh
phishing scams and other exploits against Windows Vista, mobile
devices and virtual environments.
That's the takeaway from Symantec Corp.'s
threat report for the period, released on Monday. It covers the
threat landscape over the six-month period between July 1 and Dec.
31, 2006, and is similar in many respects to the vendor's
threat report for the first half of 2006.
Vincent Weafer, senior director of Symantec Security Response,
in Cupertino, Calif., said attackers used 2006 to continue building
themselves a foundation for crime.
"Attackers are focused on data leakage and malcode that targets
specific organizations and it's all about how to get your data and
your assets for financial gain," he said. "The data leakage problem
is about the home user as well as the enterprise. Enterprises have
a responsibility to protect data, and there's a wider area to worry
about as they use more VoIP and smart phones. They need to know
what information is going out [via that technology]."
Among the highlights of the latest report:
- Symantec reported more than 6 million distinct bot-infected
computers worldwide during the second half of 2006, a 29% increase
from the previous period. The number of command-and-control servers
used to relay commands to these bots actually decreased by 25%,
though Weafer attributes that to botnet owners consolidating their
networks and increasing the size of their existing networks.
- Trojans accounted for 45% of the top 50 malware samples, a 23%
increase over the first six months of the year.
- Twelve zero-day vulnerabilities were counted during the second
half of 2006, marking a significant increase from the one zero-day
flaw documented in the first half of the year.
- Digital miscreants are using underground economy servers to
sell stolen information, including government-issued identity
numbers, credit cards, bank cards and personal identification
numbers (PINs), user accounts, and email address lists.
- Theft or loss of a computer or data storage medium, such as a
USB thumb drive, made up 54% of all identity theft-related data
breaches.
- Countries with the highest amount of malicious activity
originating from their networks were the U.S. at 31%, China at 10%
and Germany at 7%.
Weafer said botnets and other malware are also increasingly used
for extortion and intimidation. "The bad guys are saying 'pay me
money or I'll give you a denial of service,'" he said.
Going forward, Symantec warned IT security professionals to
prepare for:
- Threats against Windows Vista, with a focus on vulnerabilities,
malicious code and attacks against the Teredo platform. Attackers
will also target third-party applications that run on Vista.
- New phishing economies, with phishers expected to expand their
targets to include new industry sectors like online gaming. The bad
guys will also develop and implement new techniques to sneak past
anti-phishing solutions such as block lists.
- An increase in spam and phishing attacks against mobile
platforms.
- New attacks against virtual environments as a way to compromise
host systems.