Hackers target home users for cash

'It's war out there' says Symantec report

Internet Security Threat Report 2014

Consumers are now the main target of malicious hackers intent on enriching themselves through the misery of others. Vulnerabilities in desktop applications and the increased use of stealth techniques are on the rise among members of the digital underground, according to the latest edition of Symantec's Internet Security Threat Report.

The report, which covers the first half of 2006, suggests that consumer security protection is weak, leaving Joe Public easy prey to identity thieves, botnet herders and other financially motivated criminals. Crackers are using a variety of techniques to escape detection and remain on infected systems for longer. Symantec reckons assaults against consumers account for 86 per cent of all targeted attacks. Banks and other financial sector organisations are the second most prevalent target for internet attacks. Phishing attacks almost doubled during the reporting period.

The first six months of 2006 saw a continuation of the trend of large, widespread internet worms giving way to smaller, more targeted attacks focusing on fraud, data theft, and criminal activity. Client-side applications such as web browsers and email clients are popular attack targets.

Vulnerabilities affecting Web applications accounted for 69 per cent of all vulnerabilities documented by Symantec in the first half of 2006. Flaws in web browsers were particularly prominent in this mix with 47 vulnerabilities documented in Mozilla browsers (compared to 17 in the last reporting period), 38 in Microsoft Internet Explorer (compared to 25 in 2H05), and 12 in Apple Safari (compared to six in 2H05). Symantec fails to say how many of these vulnerabilities are serious, so direct comparisons may be misleading.

Ollie Whitehouse, Symantec research scientist and one of the authors of the report, told El Reg that the company didn't classify in the report how many of these vulnerabilities might be used to inject hostile code, as opposed to simply crashing browsers.

Hide and seek

In the first half of 2006, 18 per cent of all malicious code samples detected by Symantec had not been seen before, indicating that hackers are trying harder to evade detection by signature-based anti-virus and intrusion prevention systems.

Phishers are also attempting to bypass filtering technologies by creating multiple randomised messages. In H1 2006, 157,477 unique phishing messages were detected, 81 per cent more than the previous six months. The financial services sector was the most heavily phished, accounting for 84 per cent of phishing sites tracked by Symantec.

Spam accounted for just over half (54 per cent) of monitored email traffic, slightly up from 50 per cent in 2H05. Malware authors are increasingly trying to tempt users into web sites hosting malicious code as opposed to burying viruses within infectious attachments, where hostile code is more likely to be blocked.

Networks of compromised PCs remain a lucrative resource for hackers. These bot networks can be used not only to spread malicious code, but to send spam or phishing messages, download adware and spyware, launch denial of service attacks, or harvest confidential user information.

Symantec identified more than 4.6m active bot network computers and observed an average of 57,717 active bot network computers per day during the first half of 2006. During the reporting period, the IT security firm observed an average of 6,110 denial of service attacks per day, a big increase from the 1,402 DoS attacks per day it recorded in the last six months of 2005. Just over half (54 per cent) of these attacks were thrown at US-based systems. ISPs bore the brunt of the onslaught.

Future imperfect

Other financially motivated attacks use modular malicious code, malware that updates itself or downloads more aggressive threat components onto compromised PCs once it gains a foothold. During the first half of 2006, modular malicious code accounted for 79 per cent of the top 50 malicious code samples reported to Symantec. Malicious code samples capable of exposing confidential data represented 30 of the top 50 samples seen by the security firm.

Symantec predicts that virus writers will resurrect polymorphic virus techniques in a bid to escape detection by anti-virus filters. It also reckons hackers will apply "Web 2.0" concepts such as user-based publishing and technologies like AJAX in internet attacks.

Symantec documented 2,249 new vulnerabilities in the first half of 2006, an increase of 18 per cent over 2H05 and the highest volume of vulnerabilities recorded for any reporting period so far. Fuzzers, programs or scripts designed to find vulnerabilities in software code, will raise the vulnerability count even further.

On a more positive note, vendors are releasing software patches more quickly. The window of exposure for enterprise vendors and web browsers was 28 days, down from 50 days in the previous period. Microsoft Internet Explorer had an average window of exposure of nine days (down from 25), Apple Safari at five days (up from zero), Opera at two days (down from 18), and Mozilla at one day. These figures don't take into account the effect the latest, unpatched IE exploits might have on statistics.

For the first time, Symantec also looked at how long operating system vendors take to patch security bugs. Sun had the longest patch release time with 89 days followed by HP with 53 days. Apple took an average of 37 days while Microsoft and Red Hat had the lowest average patch release times of 13 days apiece. ®
