The annual McAfee Virtual Criminology Report reported a tripling in the volume of cyber attacks it monitors each year. "We are on an exponential upwards curve," McAfee security analyst Greg Day told Computer Weekly.
Day said cybercriminals are using all the existing attacks plus new ones to steal information they can sell. He said the latest scam was to pay "a couple of hundred dollars a month" to website owners to host a few lines of Java code.
"That is attractive to a lot of people these days," Day said. The trouble is that the code can download different types of malware onto unsuspecting visitors to the website, he said.
Cybercrime is slipping down governments' agenda, the report found. This means less funding to fight it, hence fewer cybercops and therefore less risk to cybercriminals.
Day said the UK government's intention to spend £7m on a specialist e-crime police unit needed to be seen against the US's budgeted $155m for the same purpose.
Day called for more educationfrom the end-user to the judiciary to alert people to the threat posed by cybercrime. He also called for Council of Europe treaties aimed at fighting international cybercriminals, particularly regarding data sharing and jurisdiction, to be updated, ratified and implemented.
He said a data breach law was essential for ordinary people to become aware when their details might be compromised. "At last the Data Protection Act is getting teeth," he said. This was a reference to the Information Commissioner's new powers to bring criminal prosecutions for deliberate or negligent disclosure of personal data.
The report found cybercriminals cashing in on consumer anxiety about the credit crunch with old-fashioned get-rich-quick scams. Others were setting up fake job sites to harvest CV data from desperate job seekers. Some of them are recruited as "money mules" to launder cybercriminal gains, Day said.