IT Brief New Zealand logo
Story image


01 May 2010

Using personal information found on social networking sites, cybercriminals are launching socially engineered attacks on key individuals within specific companies. The increase in this type of attack has been attributed to cybercriminals being able to benefit financially from compromised corporate IP. The Symantec Security Threat Report focused on key trends in cybercrime from January 1st, 2009 to December 31st, 2009. Craig Scroggie, Symantec Vice President and Managing Director, Pacific, said, "Attacks on enterprises and consumers are both motivated by the same thing, financial gain. The change in attacks on the enterprise is very much about organisations who have large technology infrastructure that don’t move to protect themselves quickly enough. Browser, Adobe and operating system updates can be exploited heavily." Applying security patches continues to be a challenge for many users, with the report noting that maintaining a secure, patched system became more challenging than ever in 2009 and that many users fail to patch even old vulnerabilities.  Threat activity was reported to be similar to previous years, with spam making up almost 90% of all email. "The most common form of spam detection in 2009 was related to degrees and online education," Scroggie continued. "In a time of recession people look to going back to school and the criminal underground was taking note. It shifted from email subject lines about offering viagra to offering online degrees and loans." It’s not just veteran criminals who are behind the continued threats as attack toolkits, which can be bought for as little as $US700, have made it easier for novice cybercriminals to compromise computers and steal valuable information. These kits can create millions of new malicious code variants without the user needing any specific skills. "More and more people can become cybercriminals easier than they could a year ago," said Scroggie. As previously reported by IT Briefonline, malicious activity continues to grow from emerging countries. Symantec said there were clear signs that this is happening in countries with an emerging broadband infrastructure such as Brazil, India, Poland, Vietnam and Russia. "The problem itself has not changed. Malicious activity continues to grow and will continue to do so. The bottom line is that the underground economy continues to mirror the real economy from a messaging point of view," warned Scroggie.