Although the number of known viruses kept growing at a steady pace, 2006 witnessed a remarkable step down in the volume of visible attacks by worms, viruses and other malware, according to F-Secure Corp.’s Data Security Wrap-up Report for the second half of 2006. At the same time, however, targeted attacks using backdoors, booby trapped document files and rootkits became increasingly commonplace.
In place of widespread malware assaults, 2006 has been characterized by targeted attacks which do not make the headlines and which have typically one motivation: money. In such scenarios, a hacker may target a single company, use a cloaking device like a rootkit to conceal a backdoor and extract valuable information for their own financial gain or that of the person(s) interested in having such data. Many of these cases use forged emails with a booby-trapped Microsoft Office document as the way to gain entry.
The other more visible malware assault motivated by money is phishing. 2006 saw a significant increase in the kinds of scams that use clever social engineering techniques and well-engineered bogus Web sites to separate the unwary from their money. And obviously phishing works since the attacks continue to build in force and complexity. Lately, phishers have been using Web sites with an average life of just one hour to try to entice Web users before disappearing off the radar.
PayPal and eBay continue to be the most targeted organizations for phishing attacks, but some German banks are climbing up the ranks.