Cyber criminals are stepping up smaller, more targeted attacks as they seek to avoid detection and reap bigger profits by stealing personal and financial information, according to a report issued on Monday.
Symantec Corp.'s Internet Security Threat report said during the second half of 2005 attackers continued to move away from broad attacks seeking to breach firewalls and routers and are now taking aim at the desktop and web applications.
The latest report from the world's biggest security software maker said threats such as viruses, worms and trojans that can unearth confidential information from a user's computer rose to 80 percent of the top 50 malicious software code threats from 74 percent in the previous six months.
Scams such as phishing attacks that trick users into revealing information such as passwords, credit card information and other financial information also rose, the report said.
Between July 1 and December 31, phishing attempts made up one in every 119 processed email messages, the report said. This translates into an average 7.92 million phishing attempts per day, up from 5.70 million in the first part of the year.
Vincent Weafer, senior director of Symantec Security Response, said hackers are eschewing widespread viruses or worms that deliver infected software code able to potentially devastate hundreds of thousands of computers in favour of smaller-scale attacks.
He added criminals do not want to trigger a major security response with a high-profile attack and now seek to more narrowly tailor their focus to silently slip onto a user's machine.
Weafer also noted the number of headline-grabbing viruses has slowed since the Blaster worm outbreak infected computers worldwide in 2003 -- further evidence criminals are moving away from large-scale attacks.
"Instead of sending out a worm to hit a million desktops people are sending out smaller, aggressive attacks," Weafer said. "Criminals want to now get on a system silently."
The report also cited a growing threat from robot, or "bot" networks used to launch attacks on computer systems. Criminals create botnets by illegally gaining control of a large number of computers, which the report said are increasingly used as tools for extortion attempts.
The number of computers infected by botnets fell slightly but on average Symantec observed 1,402 denial of service attacks per day utilizing botnets, representing a 51 percent increase over the prior reporting period.
"What we are seeing is increased intensity from a lower number of botnets," Weafer said. "Those botnets that are smaller are being used more than larger ones."
China is also fast turning into a major source of botnet attacks likely due to the rapid growth in broadband Internet connections there, the report said.
During the last six months of the year, botnet attacks originating in China soared 153 percent, which is 72 percentage points above the average increase, the report said.
Return to internet news headlines
View Internet News Archive