There’s a different kind of consolidation taking place in the IT space and it is one trend organizations should be cautious about.
Cyber criminals are getting more organized and are refining their methods to make their attacks more coordinated, according to the latest Internet Security Threat Report (ISTR) released by antivirus vendor Symantec Corp.
While higher levels of malicious activity were still observed, the past six months saw an increasing trend toward the consolidation of malicious activities such as phishing, spam, bot networks, Trojans and zero-day threats.
“Whereas in the past these threats were often used separately, attackers are now refining their methods and consolidating their assets to create global networks that support coordinated criminal activity,” the Symantec report indicated.
Symantec’s ISTR is released every six months and contains details of Internet security and threat activities around the world. The report is essentially a compilation and analysis of security data gathered from over 40,000 intrusion detection system and firewall sensors in 180 countries, over 120 million systems that deploy Symantec’s antivirus products, and over two million decoy accounts that attract e-mails from about 20 countries.
The recently released ISTR includes security data collected between July 1 and Dec. 31, 2006.
According to the report, there is increasing interoperability among threats and attack methods, where one attack can pave the way for another attack or a series of attacks. For example, targeted malicious code may take advantage of vulnerabilities in Web-enabled technologies and third-party applications to install a back door that can be used to download and install bot software, creating a network of bot-infected computers.
Bots are programs installed on a computer without the user’s knowledge that allow an attacker to remotely control the infected system and use it for distributing spam, hosting phishing sites or launching attacks, creating a single, coordinated network of malicious activity.
The ISTR showed that the number of bot-infected computers per day rose to 63,912, an 11 per cent increase from the previous reporting period.
There was also a 25 per cent decrease in the number of command-and-control servers worldwide. Bot network owners use command-and-control servers to relay commands to bot-infected systems in order to carry out an attack.
The rising number of bot-infected computers and the decreasing number of command-and-control servers are an indication that bot networks are also consolidating, said Dean Turner, executive editor of ISTR.
“This really is a thriving ecosystem because it generates millions of dollars,” he said. Because the motivation has long since changed from fame to fortune, today’s malicious attackers are also making an effort to remain anonymous, in contrast to the earlier generation of bragging hackers.
The shift in attack trends from mass-based cyber assaults to more targeted attacks is an indication of this changing profile of attackers, said Turner.
Targeted attacks, usually towards a specific organization, are less likely to get huge public attention than an attack targeting millions of diverse users, he said.
That’s because companies that suffer a breach are typically hesitant to make the incident publicly known and that, according to Turner, is helpful for organized cyber criminals as it allows them to maintain a low profile. “They want to stay in business for as long as possible.”