Cybercrime’s financial and geographic growth shows no slowdown during global economic crisis
By Marc Fossi
Cyber attacks and malicious activity continued to spread in 2009, and neither the economic recession nor geographic location slowed cybercriminals.
Their businesses are thriving while the rest of the world suffers.
Internet penetration around the world continues to increase, and as
developing countries gain broadband access, cybercriminals have more
markets to target.
Unfortunately, attack toolkits make cybercrime
easier than ever before. These toolkits are available for purchase and
even unskilled cybercriminals can use them to launch sophisticated
attacks. The Symantec Internet Security Threat Report XV also cites an
increase in Web-based and enterprise-targeted attacks. Hackers are no
longer attention-seeking individuals. They are criminals who use
malicious tactics to steal confidential information and money from
companies and the more than 360 million Internet users in the world.
The good news, however,
is that even as fraud-related activities continue to grow, there are
general measures businesses and end users can follow to safeguard their
assets. By gaining a better understanding of the threats and following
security best practices, organizations and individuals can protect data
against growing risks.
Growth of Cybercrime
Symantec blocked an average of 100 potential attacks per
second. Malicious code is as prevalent as ever, with more than 240
million distinct new malicious programs identified by Symantec in
2009—a 100 percent increase over those found in 2008. Compromised
identity information continues to grow. Sixty percent of all data
breaches that exposed identities were the result of hacking. This
problem is not limited to a few larger enterprises.
According to the
Symantec State of Enterprise Security Report, 75 percent of companies
surveyed experienced some sort of cyber attack during the last year.
Cybercrime is a universal problem. Attackers have evolved from simple
scams to highly sophisticated campaigns targeting some of the world’s
largest corporations and government entities.
The scale of these
attacks, and the fact that they originate from across the world, make
this a truly international problem requiring the cooperation of both
the private sector and world governments.
Malicious Activity Takes Root in Developing Countries
Malicious activity continues to move to countries such as Brazil,
Russia, India and China that now have a more robust IT and broadband
Unfortunately, the Internet is an international medium
that lacks international law enforcement procedures and cooperation,
which slows efforts to fight cybercrime on a global scale.
attacks have become one of the primary mechanisms for installing
malicious code on computers. They are often launched from computers
other than the one the user is visiting through tactics such as a
malicious advertisement. Computers hosting these attacks are more
likely to affect users regardless of their location and the location of
the websites they visit.
According to the Symantec Internet Security
Threat Report, Brazil and India both jumped into the top 10 for origin
of Web-based attacks.
Underground Economy Thrives Amid Recession
Credit cards and bank accounts continued to be the most advertised
items on the underground economy in 2009 with a marked increase in
credit card dumps.
Such dumps, which are sometimes known as cloned
credit cards, showed a 150 percent increase in 2009 from 2008. That
jump illustrates that although the world economy is still recovering
from a recession, cybercriminals continue to flourish. Social
engineering tactics have changed to take advantage of the evolving
More malicious messages incorporate themes such as
refinancing loans, consolidating debt, reducing credit card interest
More Enterprises Targeted
Cyber attacks are not just more sophisticated, they’re also very
targeted. Many of them are full-fledged campaigns that are increasingly
hard to spot. These threats remain undetected in order to penetrate deeply into
the corporate network.
While these targeted attacks have been occurring
for several years, they have been pushed to the forefront recently,
with incidents such as Hydraq. Targeted attacks use zero-day
vulnerabilities and spear-phishing type attacks. Attackers usually do
focused research into the company and its employees by gathering
information from corporate websites, news articles, social networks and
other sites. Many targeted attacks try to steal information about the
organization’s customers and employees, but other information such as
intellectual property and corporate strategies is also targeted.
Cybercrime Requires Less Skill
The emergence of attack toolkits has made cybercrime available to
anyone regardless of computer skills. Novices can purchase a kit and
almost immediately begin deploying sophisticated and varied threats.
Toolkits such as Zeus can be purchased for as little as $700.
toolkits allow customization, resulting in many variants being created.
Because an increasing number of cybercriminals are entering the
space, the number of threats is increasing and the number of people
being affected is increasing as well. The increase in these Web-based
attack kits means an increase in Web-based attacks in general.
Web-Based Attacks Continue to Grow
Web-based attacks are the most prevalent attacks and they continue to
increase. Four out of the top five attacks in 2009 targeted client-side
vulnerabilities in widely used applications such as Internet Explorer
and PDF readers. PDF suspicious file downloads was the largest single
threat and accounted for 49 percent of all vulnerabilities, up from 11
percent in 2008.
Web browsers are vulnerable: of the 374 vulnerabilities documented in web browsers in 2009, 14 percent of them remain unpatched by the
Where do we go from here?
Although cybercriminals are becoming increasingly sophisticated,
businesses and consumers can employ best practices to mitigate risk.
Enterprises should employ defense-in-depth strategies, which emphasize
multiple, overlapping, and mutually supportive defensive systems to
guard against single-point failures in any specific technology or
protection methodology. Such a strategy should include antivirus,
firewalls, and intrusion detection among other security measures. For
example, you wouldn’t lock your front door and leave your windows
You may even use a security alarm system in addition to the
Security products are available that provide these capabilities in a
single integrated solution for consumers. Organizations and individuals
should also make sure all of their systems are updated with the
necessary security patches from the appropriate operating system
In addition, users should be cautious when browsing the Internet. It is
important to log out of websites when a session is complete. Users
should also be wary of visiting untrusted or unfamiliar sites, and they
may also consider disabling scripting and active content when casually
browsing the web.
Finally, to guard against identity theft, consumers should conduct
higher-risk Internet activities such as online banking or purchasing
only on their own computers and not on public systems such as those in
Internet cafes or libraries. Consumers should also avoid storing
passwords and bank card numbers on their computers.
With cybercriminals finding it increasingly profitable to use the
Internet to steal information from consumers and businesses, protection
and mitigation against such attacks become both an individual and
collective global priority. With a proven set of technologies in place
and best practices followed, consumers and organizations can keep their
information assets safe.
Marc Fossi is executive editor of Symantec’s Internet Security Threat Report