Cyber crime is changing. Not only is the profile of the criminal quite different from what we have long understood to be the case, their motivation and techniques have developed and are more sophisticated and sinister. Individuals and companies have to be proactive in their approach to defence.
According to the latest edition of the Symantec Internet Security Threat Report, attacks and malicious code dominate cyber crime and the target has moved from being the network perimeter and is now Web browsers and Web applications.
Attackers are no longer isolated pockets of mainly disorganised individuals whose chief aim is to test skills against security systems or digitally trespass and deface websites. Today, cyber criminals are organised, in many cases part of syndicates, established to carry out threats to extract information for fraud, extortion and other criminal acts.
In terms of vulnerability trends, Symantec noted 1896 new vulnerabilities, the highest recorded number since 1998 and Web application vulnerabilities made up 69% of all vulnerabilities during this period. In addition, on average, 49 days elapsed between the disclosure of a vulnerability and the release of an associated patch by the vendor. The company also documented 40% more vulnerabilities in 2005 than in 2004.
The general trend points to an increase in vulnerabilities and companies are being forced to address this issue across the infrastructure.
According to the Report, the latter half of 2005 attracted more than 10 992 new Win32 viruses and worms. This was marginally up from the 10 886 in the first half of the year. Sober.X was the most widely reported malicious code sample, followed by Nestky.P and Mytob.ED.
Other sobering facts documented in the Report include Symantec having blocked 1.5 billion phishing attempts, representing a 44% increase over the first half of 2005; and an average of 7,9 million phishing attempts per day - an increase of 39%.
As far as threat activity for the period July to December 2005 is concerned, Symantec has taken note of the following key trends, amongst others:
In light of the overall increase in level and sophistication of attacks, companies have little choice but to be proactive in their approach to IT security.
The integration of technology and systems must take into consideration critical business requirements and incorporate the roles of people, processes and procedures.
At the end of the day, there are options, solutions and strategies that businesses and individuals can use to defend themselves against attacks and avoid a potentially painful lesson.
