Symantec Warns Of '06 Security Threat - InformationWeek
04:20 PM

Symantec Warns Of '06 Security Threat

The new year could usher in a steep rise in targeted attacks, as would-be hackers move away from headline-grabbing viruses to focus on lower-profile, profit-motivated attacks targeting the most vulnerable users.

A number of security vendors have published reports or press releases that identify the top security trends for 2006. These companies all have charted a steep rise in targeted attacks over the past year as would-be hackers move away from headline-grabbing, far-reaching attacks to more profit-motivated ones targeted at a narrower range of victims.

In an interview this week with VARBusiness, Symantec's senior director of security response Vincent Weafer said that while widespread worm and virus outbreaks aren't totally a thing of the past, they are being overshadowed by these new threats.

"We're seeing a significant decrease in global events and moving toward low-volume, low-profile attacks that are based on profit," he said.

He noted that Symantec has identified a 700 percent increase in bot-nets over the past year, along with a 143 percent rise in the amount of malicious code traveling across the Internet, and a doubling of phishing attacks during the same period. These are the instances -- only recently getting more publicity -- of infiltrators trying to dupe people into giving away personal information, such as social-security numbers and passwords to banking or credit-card sites.

Weafer said this new trend is especially troubling because it targets the most vulnerable users and is not yet seen as that big a deal by many users.

"Because we're not seeing this on the news the way we do with attacks like the Sober or Zotob worms, there is apathy and a general lack of interest about it," he said. "But the attacks are being targeted more and more at SMBs, and they're broadening beyond financial institutions to target e-commerce transactions like shipping and wire transfers, because these organizations have less established security practices than banks or credit-card companies." He added that emerging technologies such as wireless and peer-to-peer messaging applications are increasingly vulnerable.

Although strict and focused enforcement of security policies always has been critical, greater attention to security policies has never been more crucial than it is now. This is because things like spyware and adware simply have become an unavoidable part of the Internet user's daily life, so following your organization's usage policies to the letter is as good a defense as any technology a vendor is likely to develop.

"A lot of smaller companies struggle with deciding what's allowed and not allowed on their networks," Weafer said. "Adware and spyware programs are often just a nuisance, but they can eventually become the equivalent of a malicious virus because they're designed to be difficult if not impossible to get off your machines."

He said the trend toward smaller, more targeted attacks provides an opportunity for VARs to provide much-need services to their clients.

"Users need constant education; this is not a static landscape," Weafer said. "There's an opportunity there for resellers to provide new tools and services, and a large part of what we do is to work with partners to get the message out."

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll