In Brief

Symantec Threat Report: Three Ways Internet Crime Has Changed

Malware and botnets and phishing, oh my! Symantec's latest report on the Internet threat landscape highlights trends in cybercrime.

By Joan Goodchild, Senior Editor

Geyer said sites in the United States are consistently the top target worldwide. China is usually second and many countries in Western Europe also in the top ten.

In the first few years the report was published, the number of vulnerabilities in operating systems and software increased annually. The good news is that has begun to change in the last 18 months, said Geyer. Vendors have become more proactive about patching. The bad news is hackers have taken on other techniques to exploit a system and are focusing more on site-specific vulnerabilities.

"Site-specific vulnerabilities are lot harder problem to solve," said Geyer. "You can't just send out a patch and protect everyone if the problem is site-specific." (See The Chilling Effect for more detail on website vulnerabilities.)

>b> End users are now the primary target

Large organizations were the main target of attacks less than a decade ago; now the end user is the primary target, said Geyer. Phishing web site hosts are dramatically increasing and so are new variants of malware.

"In past 18 months, the increase is just staggering. So much is being introduced, organizations are having tough time. A lot of it is the same piece of malware that is tweaked to be slight variant of other pieces already written. It just shows how easy it is to write it and also that there is true financial gain. This is proving to be a good business model for people in the underground economy." (See The Future of Anti-Virus for more about malware proliferation and the development of alternatives to signature-based defenses.)

Other stories by Joan Goodchild

• Email
• Print
• Comments
• Digg This
• SlashDot

• Slideshow: Inside Symantec's Global SOC
• Inside the Global Hacker Service Economy
• Death by iFrame
• Freedom of the Cyber Seas