PRINT
EMAIL
COMMENT
DEL.ICIO.US
DIGG
OUR PREMIUM CONTENT
The Kiplinger Agriculture Letter
The Kiplinger California Letter
Kiplinger's Biofuels Market Alert
Kiplinger's Retirement Report
SUBSCRIBER HELP
CURRENT LETTER
The Outlook
For Inflation
PREVIOUS ISSUES
Symantec gathers malicious code reports from over 120 million client, server, and gateway systems that have deployed its antivirus product, and also maintains one of the world's most comprehensive vulnerability databases, currently consisting of over 25,000 recorded vulnerabilities (spanning more than two decades) affecting more than 55,000 technologies from over 8,000 vendors. If you still view the Internet as a kind of Wild West where colorful rogues and small bands of outlaws try to damage or invade personal computers -- you're not only way behind the curve, but may be putting yourself and your business at risk. Internet crime has evolved not just into a mature and sophisticated industry, but also into a global network that has its own underground economy, specialties and infrastructure, Symantec reports in its latest Internet Security Threat Report.
What should be particularly worrisome to legitimate businesses is a shift in tactics. Rather than targeting computer networks, which have strengthened defenses considerably, Internet criminals now try to get to individual computers and customers of Internet services and sites with Web-based attacks. One reason: Few Web sites address their vulnerabilities, and the few that do, react slowly. "Of 6,961 site-specific vulnerabilities in the first six months of 2007, only 330 had been fixed at the time of writing," Symantec reports.
Once these vulnerabilities have been exploited, attackers can then zero in on individual users. "Symantec has also observed that attackers are particularly targeting sites that are likely to be trusted by end users, such as social networking sites. ... Attackers targeting trusted sites can also steal user credentials or launch mass attacks because they may allow attacks to propagate quickly through a victim's social network," the report warns. And as information is picked up, it is bundled and sold on servers that help this black market flourish and grow -- often priced according to demand and value. Information to verifiably high-value accounts fetches more than just generic bank accounts, for example.
Attackers are proving intensely resourceful and adaptive. Code threats have increased dramatically, apparently because criminal organizations now hire software specialists to churn out malicious code so they can constantly remain ahead of efforts to defend against attacks. And they have physical mobility, too. "Malicious groups are actively anticipating and planning for the need to adapt on the fly -- including the deployment of back-up servers to which they can turn when law enforcement agencies or ISPs threaten to shut down existing operations," the report says.
Symantec is also warning that the coming presidential elections will provide scammers an opportunity to exploit and target political and campaign Web sites. That will be explored in a separate Kiplinger Recommends feature next week.
E-Mail Article
Print Article
|
|
|
|
|
|
|
|
