SA climbs cyber crime rankings

South Africa has climbed the global rankings by seven places, and is now ranked 43rd in the world in terms of malicious activity. This was revealed in Symantec's latest Internet Threat Report 2009, which highlights key cyber crime trends during the year.

“Historically, we have seen developing countries on the verge of broadband uptake increase in their ranking, and SA is right at the start of a broadband boom,” says Gordon Love, regional director for Africa at Symantec.

“Along with the fact that the eyes of the world are on SA leading up to the 2010 Fifa World Cup tournament, we have the perfect storm pushing us up the ranks. We cannot confirm that next year SA will climb higher in the malicious activity ranks, but it is expected.”

Speaking generally, Love says the report also illustrates both continued growth and increased sophistication in cyber attacks. “Attacks have evolved from simple scams to highly sophisticated espionage campaigns targeting some of the world's largest corporations and government entities.”

He says the scale of these attacks and the fact that they originate from different countries all over the globe makes this an international problem that needs cooperation from governments and the private sector across the world.

Love says the year was book-ended by two prominent attacks: Conficker at the beginning of the year, and Hydraq at the end.

In EMEA, he says the second most common malicious code sample causing potential infections was the Mabezat.B worm, which spreads through e-mails, removable drives and network shares protected by weak passwords. “It infects exe files and encrypts data files.”

According to Love, SA was placed second in EMEA in terms of malicious code samples, and Saudi Arabia first.

Another salient finding, says Love, was that 49% of the volume of the top 50 potential infections were all classified as worms, malicious programs that replicate themselves from system to system without using a host file, an increase of 30% from the previous year. “Saudi Arabia was the top culprit for worms.”

The report clearly illustrated that malicious activity is taking hold in emerging countries, not only because of an emerging broadband infrastructure, but because government crackdowns in developed countries have led cyber criminals to start their attacks from developing regions where prosecution is less likely.

Love says 2009 also saw a significant increase in attacks on enterprises. “Given the potential for financial gain from compromised intellectual property, cyber criminals are now eyeing enterprises. The report found these criminals are leveraging the plethora of information freely found on social networks to synthesise attacks on individuals within key companies, through social engineering.”

“Cyber crime attack toolkits, which automate the process of creating customised information-stealing malware, have also made it far easier for unskilled cyber criminals to compromise remote machines and steal data,” he says. Some of these kits can be purchased online for $700, and allow millions of new malware variants to be created.

Finally, he says Web-based attacks continue to flourish unabated, often through clever social engineering techniques that lure users to contaminated Web sites. “Victims' Web browsers and vulnerable plug-ins are then attacked. Last year saw a significant increase in attacks aimed at PDF viewers, which accounted for nearly half of all observed Web-based attacks, a huge leap from the 11% reported the previous year.”