Attackers Choose Fortune Over Fame

Attackers are developing portfolios of techniques for making money with cybercrime.

J. Nicholas Hoover, Senior Editor, InformationWeek Government

September 19, 2005

2 Min Read
InformationWeek logo in a gray background | InformationWeek

Widespread attacks by hackers seeking notoriety are becoming less popular, as cybercriminals instead focus on targeted attacks for profit, Symantec Corp. reported Monday in its biannual Internet Security Threat Report.

Some attackers are earning fees each time a piece of malware is downloaded onto a computer. Others are demonstrating functionality before sale of malware. Hackers also are offering bot networks for hire, allowing attackers to extort money from E-commerce sites by threatening denial-of-service attacks.

Symantec found denial-of-service attacks alone have grown 680% since last year.

Credit-card and banking details and other confidential information are getting exposed more frequently, according to the report. Programs and code that uncover confidential information represented 75% of the 50 most prevalent pieces of malware in the last six months, a 37% increase over the previous six.

Meanwhile, vulnerabilities in programs were uncovered in record levels. Almost half of these vulnerabilities were classified as "high severity" by Symantec. Almost 60% were in Web applications. "Web applications are an underestimated risk," report editor Dean Turner says, noting that bugs that exploit these vulnerabilities are simple and easy for hackers to find.

Symantec also saw an increase in the number of targeted attacks. The most frequently targeted sector is small business, followed by accounting and education. Small businesses account for 38% of all attacks, despite a Small Business Technology Institute study that reported 80% of small businesses think they have sufficient security in place.

The Symantec report also dealt with future attacks. Symantec predicts that bots and bot networks (hijacked ad hoc networks of machines) will increase in number and sophistication. It predicts an increasing presence of modular malicious code, code that downloads additional functionality to a machine and can be repurposed remotely to do more malicious things. The company also sees emergent voice-over-IP and wireless security threats because many users of these technologies do not take security precautions. Said Turner, "As new technologies emerge, so do risks."

About the Author

J. Nicholas Hoover

Senior Editor, InformationWeek Government

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights