Two reports out this week on the State of the Union security-wise, and, as you might have expected, there is some divergence in the conclusions. They’re also complementary in a way, and the pair gives a clearer picture of the security battlefield.

Symantec Corp. took the wraps off its twice-yearly Internet Security Threat Report at 12:01 a.m. Monday. IBM Internet Security Systems chipped in with its two cents later in the day.

There are some things on which the two reports agree: first and foremost, that the black hats are becoming more professional and profit-oriented. “There’s money to be made in the attacks today,” Michael Murphy, GM of Symantec Canada, told journalists and analysts at an embargoed briefing on Friday.

There’s also a growing element of commercialization of the malware market. “The majority of attacks today are generated by tool kits you can buy,” Murphy said. MPack, for example, is a $1,200 phishing tool kit which compromises legitimate Web sites and redirects traffic to an MPack Server, which downloads a “small, modular threat” to the user’s system.

Further to the commercialization point, IBM Internet Security Systems’ X-Force R&D team points to a burgeoning “exploits as a service” industry (and coins the rather innocuous title of “managed exploit provider”). And the MEPs have added a leasing element, allowing malware perps to test exploits for less upfront – a sort of “try before you buy” arrangement.

The two agree that Trojans are the predominant Internet threat this year. Worms and viruses are pass


