Cybercriminals today are taking smaller steps and focusing more on targeted attacks to avoid detection and yield higher profits.
The report “Internet Security Threats” released by Symantec yesterday revealed that in the second half of 2005, cybercriminals shifted their focus from large-scale attacks aimed at breaching firewalls and network routers to targeting desktop computers and web applications through methods of stealing personal financial information.
Statistics from Symantec’s report also showed that malware threats such as viruses, worms, and trojans specifically designed to steal users’ confidential information accounted for up to 80% of the Top 50 most dangerous malware. This figure has increased by 6% compared to the first half of 2005.
Online scams, such as phishing attacks that trick users into revealing confidential information like passwords, credit card information, and other financial data, have also seen a significant rise.
Data indicates that from July 1 to December 31, 2005, for every 119 processed electronic messages, there was 1 phishing email. This statistic has pushed the average daily phishing emails to 7.92 million – an increase of 2.22 million compared to the first six months of the year.
Vincent Weafer, Senior Director of Symantec Security Response, stated that hackers are gradually shifting from spreading viruses or worms capable of infecting hundreds of thousands of different computers to focusing on smaller-scale attacks.
Vincent believes that cybercriminals currently do not want to “wage war” against the security response teams of security companies worldwide through “high-profile” attacks; instead, they prefer to conduct secretive attacks on users’ systems.
Evidence of this, Vincent asserts, is the significant decrease in the notoriety of viruses that once made headlines, such as the Blaster worm.
“Instead of sending a worm capable of infecting thousands of desktop computers, criminals are organizing smaller but more dangerous attacks. Simply put, they want to infiltrate users’ systems discreetly.”
The “Internet Security Threats” report also indicated a growing threat from botnets—networks used to orchestrate attacks. Cybercriminals often create these tools by illegally taking control of a large number of different computers.
Every day, Symantec records a total of 1,402 denial-of-service attacks utilizing botnets—an increase of more than 51% compared to the previous report.
China is gradually becoming a major “source” of botnet attacks as the growth rate of broadband networks in the country is experiencing significant expansion.
