Malicious attacks focused toward trusted web sites, says Symantec report
ConvergenceAsia staff
10/04/2008
The latest Internet Security Threat Report (ISTR), Volume XIII, released by Symantec, concludes
that the Web is now the primary conduit of attack activity, and that online
users can increasingly be infected simply by visiting everyday web sites.
The report is derived from data collected by millions of Internet sensors,
first-hand research and active monitoring of hacker communications, and
provides a global view of the state of Internet security.
Today, hackers are compromising legitimate web sites and using them as a
distribution medium to attack home and enterprise computers. Symantec
noticed that attackers are particularly targeting sites that are likely to
be trusted by end users, such as social networking sites.
“Avoiding the dark alleys of the Internet was sufficient advice in years
past,” said Stephen Trilling, vice president, Symantec Security Technology
and Response. “Today's criminal is focused on compromising legitimate web
sites to launch attacks on end-users, which underscores the importance of
maintaining a strong security posture no matter where you go and what you do
on the Internet.”
Attackers are leveraging site-specific vulnerabilities that can then be used
as a means for launching other attacks. During the last six months of 2007,
there were 11,253 site-specific cross-site scripting vulnerabilities
reported on the Internet; these represent vulnerabilities in individual web
sites.
However, only 473 (about 4 per cent) of them had been patched by the
administrator of the affected web site during the same period, representing
an enormous window of opportunity for hackers looking to launch attacks.
Phishing also continues to be a problem. In the last six months of 2007,
Symantec observed 87,963 phishing hosts – computers that can host one or
more phishing web sites. This is an increase of 167 per cent from the first
half of 2007. Eighty per cent of brands targeted by phishing attacks during
the study period were in the financial sector.
The report also found that attackers are seeking confidential end-user
information that can be fraudulently used for financial gain and are less
focused on the computer or device containing the information. In the last
six months of 2007, 68 per cent of the most prevalent malicious threats
reported to Symantec attempted to compromise confidential information.
Finally, attackers are leveraging a maturing underground economy to buy,
sell and trade stolen information. Credit card information, which has become
plentiful in this environment, accounted for 13 per cent of all advertised
goods — down from 22 per cent in the previous period and sold for as low as
$0.40.