With more and more of the day to day computing needs of the average user becoming web-based, security has become a major issue for home and business users alike. Personal data is being stored online and the availability of such information over the web has become a great attraction for ‘cybercriminals’.
Needless to say, with the growing amount of cybercrime occurring around the world, user’s awareness of their methods is becoming more and more important. Hence the reasoning behind Symantec’s latest Internet Security Threat Report (ISTR) which highlights many of the dangers that we unsuspecting web surfers may encounter, perhaps without ever even knowing it.
First off is the danger in e-mail contact. Cybercriminals are buying and selling hacked e-mail accounts for as little as 65p. Once the criminals get a hold of your account details, i.e. your username and password, they can get onto your account and send malicious emails to your contacts requesting private information from them. Then, the person on the receiving end may give up such information with it seemingly coming from such a reliable source. And the cycle continues, personal details being leaked around the web and getting into the wrong hands.
It’s all cheap as chips for the criminal, yet the consequences for the victim can be devastating. This is down to the fact that many people record a lot of personal information within their e-mails, such as receipts, CVs and such. The threat of ID fraud is becoming more evident with the number of cases increasing year upon year. Clearly, previous public awareness campaigns about how to be safe online aren’t working or it’s just the people who are newer to the Internet that is being caught out, although I doubt that is the case if anything it could be that experienced internet users getting lazy/sloppy with their approach to internet security.
Con Mallon, Consumer Director for regional product marketing at Symantec, in an interview with PC Pro, warned users to be alert to such threats. “Even when you’re in your email or on social networking you have to be a little circumspect — is that really my friend or colleague? In this situation, you’re only as strong as the weakest link in the chain. If your friend is not properly protecting their account then you could be vulnerable.”
He advised users to “keep trying to change your password as often as possible” and to be watchful of signs their account is compromised. Hacked account holders should have their password reset by the provider, or ideally open a completely new account, Mallon added.
According to the ISTR, there have been a number of trends evident in the past year of cybercrime. Firstly, was the increase in threats targeted toward individual members of a company. By following the social networking profiles of member’s of staff, criminals can gather enough information about an individual to launch a targeted ‘attack’ on the company as a whole. As a result of this kind of threat to companies, when they were asked, they ranked Cybercrime as the biggest risk (by far) that they were concerned about, more so than traditional criminal activity, brand-related events, natural disasters and terrorism.
Also, The availability of the required tools to carry out such crime is becoming easier. So-called ‘Attack toolkits’ such as Zeus (Zbot), can be purchased by any member of the public for $700, which is remarkably cheap when compared to the return any users can make by employing the toolkit to create malicious software with intent to steal personal information from any recipient.
Furthermore, even with the added emphasis on internet security particularly from developers of browsers, Web-based attacks continue to increase in volume. There was an 11% increase in web-based attacks between 2008 and 2009, 49% of which was accounted for by targeting PDF viewers in web browsers. As I said, most internet browser developers, such as Microsoft and Mozilla, have placed a lot of time and effort into developing tools to prevent malicious websites being accessed unwittingly by users.
The last highlight that emerged from the report states that a great proportion of malicious activity has its roots in merging countries such as Brazil, India, Poland, Vietnam and Russia. Not only is this where the criminals tend to reside, but it is also the home of many victims. This is largely due to the emerging broadband infrastructure coming into place whilst security remains minimalistic.
Lastly, some astonishing facts and figures emerged from the report this year. Stating that in 2009, Symantec identified more than 240 million new and unique malicious programs. Incredibly that’s twice as many as the previous year. The top threats of the year were the ‘Sality.AE Virus’, the ‘Brisv Trojan’ and the ‘SillyFDC worm’. The infamous ‘Downadup’, or ‘Conficker’ threat remains at large with an estimated 6.5 million PC’s worldwide ending the year infected.
Spam also plays a big part in internet security. Whilst not in all cases a great threat, it can be of huge irritation to users. In 2009, 88% of all e-mail observed by Symantec was spam. Truly an astonishing figure.
So it clearly remains a huge difficulty for companies such as Symantec to keep up with the millions of new threats posed each year. Even with the security being tightened on web browsers and e-mail clients alike. The awareness of the user is of great importance in the ongoing fight against cybercrime, yet it seems there is a long way to go before any possible solutions or even great reductions are found. With computing heading more and more online, it’s probable that the host of information available online to cybercriminals is growing at an alarming rate.
Via – Symantec
You can follow Rob on Twitter as @R0bNIchols.