Symantec Corp. has released its new Internet Security Threat Report volume XV, which highlights key trends in cybercrime from 1 January 2009 to 31 December 2009. In a year bookended by two very prominent cyber attacks – Conficker in the opening months of the year and Hydraq at the very end – Symantec’s Internet Security Threat Report reveals continued growth in both the volume and sophistication of cybercrime attacks.
“Attackers have evolved from simple scams to highly sophisticated espionage campaigns targeting some of the world’s largest corporations and government entities,” said Stephen Trilling, senior vice president, Security Technology and Response, Symantec. “The scale of these attacks and the fact that they originate from across the world make this a truly international problem requiring the cooperation of both the private sector and world governments.”
The company reports an increase in the number of targeted threats focused on enterprises. Given the potential for monetary gain from compromised corporate intellectual property (IP), cybercriminals have turned their attention toward enterprises. The report found that attackers are leveraging the abundance of personal information openly available on social networking sites to synthesise socially engineered attacks on key individuals within targeted companies. Hydraq gained a great deal of notoriety at the beginning of 2010, but was only the latest in a long line of such targeted attacks including Shadow Network in 2009 and Ghostnet in 2008.
Also common were attack toolkits that make cybercrime easier, lowering the barrier to entry for new cybercriminals and making it easy for unskilled attackers to compromise computers and steal information. One such toolkit, called Zeus (Zbot), which can be purchased for as little as $700, automates the process of creating customised malware capable of stealing personal information. Using kits like Zeus, attackers created literally millions of new malicious code variants in an effort to evade detection by security software.
Web-based attacks continued to grow unabated. Today’s attackers leverage social engineering techniques to lure unsuspecting users to malicious Web sites. These Web sites then attack the victim’s Web browser and vulnerable plug-ins normally used to view video or document files. In particular, 2009 saw dramatic growth in the number of Web-based attacks targeted at PDF viewers; this accounted for 49 percent of observed Web-based attacks. This is a sizeable increase from the 11 percent reported in 2008.
Symantec says malicious activity is taking root in emerging countries. The report found firm signs that malicious activity is now taking root in countries with an emerging broadband infrastructure, such as Brazil, India, Poland, Vietnam and Russia. In 2009, these countries moved up the rankings as a source and target of malicious activity by cybercriminals.
According to the report, the Sality.AE virus, the Brisv Trojan and the SillyFDC worm were the threats most frequently blocked by Symantec security software in 2009. Downadup (Conficker) is still very prevalent. It was estimated that Downadup was on more than 6.5 million PCs worldwide at the end of 2009. Thus far, machines still infected with Downadup/Conficker have not been utilised for any significant criminal activity, but the threat remains a viable one.
And 2009 was another turbulent year for spam. Spam made up 88 percent of all e-mail observed by Symantec, with a high of 90.4 percent in May and a low of 73.7 percent in February. Of the 107 billion spam messages distributed globally per day on average, 85 percent were from botnets. The 10 major bot networks, including Cutwail, Rustock and Mega-D, now control at least 5 million compromised computers. Throughout 2009, Symantec saw botnet-infected computers being advertised in the underground economy for as little as 3 cents per computer.