Attackers Choose Fortune Over Fame - InformationWeek
IoT
IoT
News
News
9/19/2005
05:36 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Attackers Choose Fortune Over Fame

Attackers are developing portfolios of techniques for making money with cybercrime.

Widespread attacks by hackers seeking notoriety are becoming less popular, as cybercriminals instead focus on targeted attacks for profit, Symantec Corp. reported Monday in its biannual Internet Security Threat Report.

Some attackers are earning fees each time a piece of malware is downloaded onto a computer. Others are demonstrating functionality before sale of malware. Hackers also are offering bot networks for hire, allowing attackers to extort money from E-commerce sites by threatening denial-of-service attacks.

Symantec found denial-of-service attacks alone have grown 680% since last year.

Credit-card and banking details and other confidential information are getting exposed more frequently, according to the report. Programs and code that uncover confidential information represented 75% of the 50 most prevalent pieces of malware in the last six months, a 37% increase over the previous six.

Meanwhile, vulnerabilities in programs were uncovered in record levels. Almost half of these vulnerabilities were classified as "high severity" by Symantec. Almost 60% were in Web applications. "Web applications are an underestimated risk," report editor Dean Turner says, noting that bugs that exploit these vulnerabilities are simple and easy for hackers to find.

Symantec also saw an increase in the number of targeted attacks. The most frequently targeted sector is small business, followed by accounting and education. Small businesses account for 38% of all attacks, despite a Small Business Technology Institute study that reported 80% of small businesses think they have sufficient security in place.

The Symantec report also dealt with future attacks. Symantec predicts that bots and bot networks (hijacked ad hoc networks of machines) will increase in number and sophistication. It predicts an increasing presence of modular malicious code, code that downloads additional functionality to a machine and can be repurposed remotely to do more malicious things. The company also sees emergent voice-over-IP and wireless security threats because many users of these technologies do not take security precautions. Said Turner, "As new technologies emerge, so do risks."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll