Attackers are developing portfolios of techniques for making money with cybercrime.
Widespread attacks by hackers seeking notoriety are becoming less popular, as cybercriminals instead focus on targeted attacks for profit, Symantec Corp. reported Monday in its biannual Internet Security Threat Report.
Some attackers are earning fees each time a piece of malware is downloaded onto a computer. Others are demonstrating functionality before sale of malware. Hackers also are offering bot networks for hire, allowing attackers to extort money from E-commerce sites by threatening denial-of-service attacks.
Symantec found denial-of-service attacks alone have grown 680% since last year.
Credit-card and banking details and other confidential information are getting exposed more frequently, according to the report. Programs and code that uncover confidential information represented 75% of the 50 most prevalent pieces of malware in the last six months, a 37% increase over the previous six.
Meanwhile, vulnerabilities in programs were uncovered in record levels. Almost half of these vulnerabilities were classified as "high severity" by Symantec. Almost 60% were in Web applications. "Web applications are an underestimated risk," report editor Dean Turner says, noting that bugs that exploit these vulnerabilities are simple and easy for hackers to find.
Symantec also saw an increase in the number of targeted attacks. The most frequently targeted sector is small business, followed by accounting and education. Small businesses account for 38% of all attacks, despite a Small Business Technology Institute study that reported 80% of small businesses think they have sufficient security in place.
The Symantec report also dealt with future attacks. Symantec predicts that bots and bot networks (hijacked ad hoc networks of machines) will increase in number and sophistication. It predicts an increasing presence of modular malicious code, code that downloads additional functionality to a machine and can be repurposed remotely to do more malicious things. The company also sees emergent voice-over-IP and wireless security threats because many users of these technologies do not take security precautions. Said Turner, "As new technologies emerge, so do risks."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.