In the past, hackers committed cyber crime for fame and glory. These days they want credit card information, with the underground economy growing more sophisticated.
Speaking at the ITWeb Security Summit in Midrand, this week, Gerald Maronde, Symantec enterprise security specialist, said Web-based malicious activity has accelerated and is the primary way in which systems are infected.
“Theft and data loss remain the top cause of data leakage for overall data breaches and identities exposed. Many data breaches are related to a loss of portable devices such as USB memory keys, portable hard drives and smartphones,” he noted.
One of the top trends Symantec is seeing is the theft of data. According to the latest Symantec Security Threat Report, documented vulnerabilities have increased by up to 19%. Over 95% of vulnerabilities are attacked on the client-side and 5% attacks vulnerabilities on the server-side.
Attackers target the Web browser itself as well as plug-ins and client applications, said Maronde: “Attackers locate and compromise a high-traffic site through a vulnerability specific to the site or in a Web application it hosts. Once the site is compromised, attackers modify pages so malicious content is served to visitors. In many cases, attacks are launched from a different location than the compromised Web site.”
Trojans make up 68% of the volume of the top 50 malicious codes. Some 66% of potential malicious code infections are propagated as shared executable files, according to Maronde.
The top targeted sectors for data breaches include education, which has 27% of data breaches; government, with 20%; and healthcare, with 15%. The US was the top country for malicious activity, with 23% of the overall proportion.
In 2008, Symantec blocked an average of more than 245 million attempted malicious code attacks worldwide each month. Over 60% of Symantec's malicious code signatures were created in 2008.
Share