Cybercrime is increasingly seeking financial profit

COLLAB distinguished with the APDC / Siemens Innovation Award

Computer security threats increasingly involve obtaining confidential information, in a covert way, to derive economic benefits from it. As Symantec reveals in its latest Internet Security Threat Report, cybercriminals are abandoning large-scale attacks to focus on desktops and smaller networks, looking for business and personal information, practicing identity theft, extortion and fraud for financial gain.

«Before the attack was traditionally motivated by curiosity and the desire to show technical ‘virtuosity’ to the community, today a large part of the threats are motivated by the prospect of profit», says the security company in the report that refers to the period between July and December 2005. It is therefore expected that so-called networks bot and the customizable modular malicious code will come to dominate the present time of computer security.

During the last half of 2005, Symantec documented 1,896 new vulnerabilities, the highest figure in the past seven years and representing a 40 percent increase from 2004.

Web application-related vulnerabilities accounted for 69 percent of security breaches reported during the reporting period. The period between the announcement of the vulnerability and the appearance of the exploit increased slightly to 6.8 days from the six days of 2004.

The correction codes are being published with a difference of 49 days in view of the disclosure of the vulnerability, also in a drop compared to 2004, in which it was necessary 64 days for the emergence of the patch. Seventy-nine percent of security breaches reported between July and December were rated by Symantec as «easy to exploit». THE browser most affected is Microsoft’s Internet Explorer, with 24 vulnerabilities.

Attacks using phishing they continued to increase during the last half of 2005, even though they are increasingly addressing smaller objectives, with a regional character, informs the security company.

During the second half of 2005, 7.92 million daily attacks were identified using phishing compared to 5.70 million produced in the same period. Symantec points out that the United States continues to lead the list of countries issuing attacks of this type, with 31 percent.

The Internet Security Threat Report also reports that 56 percent of the spam received worldwide comes from the United States, a figure that has grown five percent in recent months. China now ranks second on the list – a place it stole from South Korea -, originating 12 percent of unsolicited mail delivered to worldwide mailboxes, an increase of seven percent to seven percent over the first half of 2005.

Related News:2005-09-20 – Most hacker attacks have financial interests

2005-04-08 – Vulnerabilities and viruses increase in the 2nd semester along with threats to confidential information