Friday, October 24, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Internet Explorer 11 Toolkit Allows Enterprise Admins "Spy" On Their Employees
FCC Says Airwave Auction To Delay Until 2016
HP Broadens Moonshot Portfolio With Intel-powered Models
Microsoft To Keep Nokia Brand For Low-end Smartphones
LG Introduces Its First Octa-Core Application Processor
Cloud and Surface 3 Drive Microsoft's Revenue
Micron Urges Investors To Reject TRC Capital's Unsolicited Tender Offer
Facebook Returns To Chat Roots With Rooms App
Active Discussions
Copied dvd's say blank in computer only
How to generate lots of different CDs quickly
Yamaha CRW-F1UX
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
 Home > News > General Computing > Symante...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, September 17, 2007
Symantec: Cyber Criminals Are Becoming Increasingly Professional


While cybercrime continues to be driven by financial gain, cyber criminals are now utilizing more professional attack methods, tools and strategies to conduct malicious activity.

During the reporting period of Jan. 1, 2007, through June 30, 2007, Symantec detected an increase in cyber criminals leveraging sophisticated toolkits to carry out malicious attacks. One example of this strategy was MPack, a professionally developed toolkit sold in the underground economy. Once purchased, attackers could deploy MPack's collection of software components to install malicious code on thousands of computers around the world and then monitor the success of the attack through various metrics on its online, password protected control and management console. MPack also exemplifies a coordinated attack, which Symantec reported as a growing trend in the previous volume of the ISTR where cyber criminals deploy a combination of malicious activity.

Phishing toolkits, which are a series of scripts that allow an attacker to automatically set up phishing Web sites that spoof legitimate Web sites, are also available for professional and commercial cybercrime. The top three most widely used phishing toolkits were responsible for 42 percent of all phishing attacks detected during the reporting period.

"In the last several Internet Security Threat Reports, Symantec discussed a significant shift in attackers motivated from fame to fortune," said Arthur Wong, senior vice president, Symantec Security Response and Managed Services. "The Internet threats and malicious activity we are currently tracking demonstrate that hackers are taking this trend to the next level by making cybercrime their actual profession, and they are employing business-like practices to successfully accomplish this goal."

Increase in Cyber Criminals Exploiting Trusted Environments to Target Victims

During the reporting period, Symantec detected attackers indirectly targeting victims by first exploiting vulnerabilities in trusted environments, such as popular financial, social networking and career recruitment Web sites. Symantec observed 61 percent of all vulnerabilities disclosed were in Web applications. Once a trusted Web site has been compromised, cyber criminals can use it as a source for distribution of malicious programs in order to then compromise individual computers. This attack method allows cyber criminals to wait for their victims to come to them verses actively seeking out targets. Social networking Web sites are particularly valuable to attackers since they provide access to a large number of people, many of whom trust the site and its security. These Web sites can also expose a lot of confidential user information that can then be used in attempts to conduct identity theft, online fraud or to provide access to other Web sites from which attackers can deploy further attacks.

Rise in Multi-Staged Attacks

During the first six months of 2007, Symantec observed an increase in the number of multi-staged attacks which consist of an initial attack that is not intended to perform malicious activities immediately, but that is used to deploy subsequent attacks. One example of a multi-staged attack is a staged downloader that allows an attacker to change the downloadable component to any type of threat that suits the attacker's objectives. According to the ISTR, Symantec observed that 28 of the top 50 malicious code samples were staged downloaders. Peacomm Trojan, mostly known as Storm Worm, is a staged downloader that was also the most widely reported new malicious code family during the reporting period. In addition to serving as an attack toolkit, MPack is an example of a multi-staged attack that included a staged downloader component.


Previous
Next
New RealPlayer Offers CD/DVD Burning Functionality        All News        Dell Delivers Notebooks With Hardware Encrypting HDD
Yahoo to Start Testing Mash Social Network Site     General Computing News      Toshiba Says Subpoenaed Over Flash Memory

Get RSS feed Easy Print E-Mail this Message

Related News
Symantec to Separate into Two Technology Companies
China To bar Symantec, Kaspersky Anti-virus: report
UK's GCHQ To Share Data With Firms
Symantec Says Antivirus Software Is Dead, Focuses On Zero-day Attacks
Hackers Attack NATO Web Sites
Kaspersky Lab Uncovers "The Mask" Cyber Spying Campaign
Stuxnet Roots Found Back in 2005
Microsoft and Symantec Take Down Bamital Botnet
Symantec Releases Enterprise Security Software For Mobiles
Norton Update Makes Some PCs Inoperable
Symantec Report Reveals Increase in Malicious Attacks in 2011
Symantec Dissolves Alliance With Huawei

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .