Here are some of the key findings:
- Symantec has observed a change in Internet attack activity away from status-oriented attacks and toward criminal activities motivated by profit. The current threat environment is characterized by an increase in data theft, data leakage, and the creation of malicious code that targets specific organizations for information that can be used for financial gain.
- Symantec has observed high levels of malicious activity across the Internet, with increases in phishing, spam, botnets, Trojans, and zero-day threats. However, whereas in the past these threats were often used separately, attackers are now refining their methods and consolidating their assets to create global networks that support coordinated criminal activity.
- Targeted malicious code may take advantage of Web-enabled technologies and third-party applications and install a back door, which then downloads and installs bot software. These bots can, in turn, be used to distribute spam, host phishing sites, or launch attacks.
- The number of active bot-infected computers that Symantec detected increased by 11% to an average of 63,912 per day. The worldwide total of distinct bot-infected computers that Symantec identified in this reporting period rose to just over 6,049,594, a 29% increase over the previous reporting period. In contrast to this, the number of command-and-control servers decreased by 25% to 4,746. Symantec speculates that this is because botnet owners are consolidating and expanding their networks.
- The primary cause of data breaches that could facilitate identity theft was lost or stolen computers or other media on which the data was stored or transmitted, such as a USB key or a back-up disk. These made up 54% of all identity theft-related data breaches during the reporting period. In many cases, computers that were lost or stolen were laptop computers. The second most common cause of data breaches that could lead to identity theft during this period was insecure policy, which made up 28% of all incidents. Together, theft and loss along with insecure policy made up 82% of all data breaches in the second half of 2006.
- During the last six months of 2006, 51% of all underground economy servers known to Symantec were located in the United States, the highest total of any country. United States-based credit cards with a card verification number were available for purchase on underground economy servers for between $1 and $6 USD. An identity (including a U.S. bank account, credit card, date of birth and government issued identification number) was available for between $14 and $18 USD.
- 94% of all easily exploitable vulnerabilities disclosed in the second half of 2006 were remotely exploitable.
- The United States had the highest number of bot command-and-control computers, accounting for 40% of the worldwide total.
- 86% of the credit and debit cards advertised for sale on underground economy servers known to Symantec were issued by banks in the United States.
Security threats watch
- Symantec expects to see more threats begin to appear on Windows Vista™, with a focus on vulnerabilities, malicious code and attacks against the Teredo platform. Symantec also expects that attackers will focus on third-party applications that run on Vista.
- Symantec expects to see the development of new phishing economies. Phishers are expected to expand their targets to include new industry sectors such as massively multiplayer online games. Symantec also expects that phishers will develop and implement new techniques to evade antiphishing solutions like block lists, such as the use of ready-made phishing kits.
- Symantec expects that spam and phishing will increasingly target SMS and MMS on mobile platforms.
- Symantec expects that, with the increased adoption of software virtualization, new attacks will be developed and that virtual environments may be targeted as a way of compromising host systems.