Internet Security Threat Report 2007 Released

Cyber predators are increasingly exploiting trusted environments to target their victims, according to Symantec's latest Internet Security Threat Report.

The report reveals that between January 1 and June 30 this year, attackers increasingly targeted victims by exploiting vulnerabilities in trusted environments, such as popular financial, social networking, and career recruitment websites.

Symantec also reported that 61% of all vulnerabilities disclosed were in web applications. Once a trusted website has been compromised, criminals can use it as a base for distributing malicious code to users visiting the site.

Today, the threat landscape is more dynamic than ever. Identity theft is an increasingly prevalent security issue, particularly for organizations that store and manage information that could facilitate identity theft.

Compromises that result in the loss of personal data could be quite costly, not only to the people whose identity may be at risk and their respective financial institutions, but also to the organization responsible for collecting the data. Data breaches that lead to identity theft could damage an organization’s reputation, and undermine customer and institutional confidence in the organization.

Underground economy servers are used by cyber criminals to sell stolen information. This data can include government-issued identification numbers such as social security numbers, credit cards, bank cards, personal identification numbers (PINs), user accounts, and email address lists.

The report says that social networking websites are particularly valuable to attackers since they provide access to a large number of people, many of whom trust the site and its security. These websites can also expose a lot of confidential user information that can then be used in attempts to conduct identity theft, online fraud, or to provide access to other Web sites from which attackers can deploy further attacks.

The threat report also noted that cybercriminals are continuing to become more professional and some are even commercializing their efforts. They're taking a business approach to the development, distribution, and use of malicious code. The cost to obtain credit card details is $0.50-$5, bank account details are available for $30-$400, e-mail passwords cost $1-$350, while identity thefts cost $10-$150!

The most commonly advertised goods for sale on underground economy servers were credit card details, making up 22 per cent of all advertised goods.

The advertised price for bank account credentials varied widely and was dependent on the funds available in the account. Bank accounts that included higher balances were worth considerably more. Furthermore, bank account information that included personal information of the victim was more highly valued.

Email passwords were the third most common item advertised for sale, making up eight percent of all advertised goods. In addition, the value of the account was also based on the username in the email itself; email accounts with usernames that were standard English terms were generally highly priced.

Other findings in the report include:
Stolen credit card numbers were the most commonly advertised commodity on underground economy servers, making up 22% of all advertisements; stolen bank account numbers were a close second with 21%.
Symantec researchers documented 237 vulnerabilities in web browser plugins in the first half of the year. The report noted that it's a significant increase over the 74 discovered in the second half of 2006, and the 34 in the first half of 2006.
Theft or loss of computer or other data storage equipment made up 46% of all data breaches that could lead to identity theft.

Symantec also reported an increase in multistage attacks, which include an initial attack designed to deploy other attacks. A downloader, for example, is malicious code that infects a computer. It's designed to pull other code down from the Internet to further infect the machine. Symantec reported that 28 of the top 50 malicious code samples were staged downloaders.

India has been ranked 14th worldwide when it came to hosting phishing websites. Mumbai hosted 30% of the total phishing sites in India, Delhi 29%, and Bangalore and Chennai accounted for 12% each of the total sites.