UAE. The latest Internet Security Threat Report (ISTR), volume 12, released by Symantec Corp concludes that cyber criminals are increasingly becoming more professional - even commercial - in the development, distribution and use of malicious code and services. 

While cybercrime continues to be driven by financial gain, cyber criminals are now utilising more professional attack methods, tools and strategies to conduct malicious activity. The ISTR contains an in-depth analysis of 180 countries around the world and found that the UAE ranks 40th as an originator of cyber attacks, six places higher than in March 2007. 

“As the global threat to online activity continues to grow, it has never been more important to remain vigilant and informed on the evolving threat landscape,” said Kevin Isaac, Regional Director, Symantec MENA.

“Symantec's bi-annual Internet Security Threat Report continues to provide the UAE with critical information on the most current online security trends, helping us better protect our state's infrastructure, information and interactions.”

The ISTR suggests that the UAE is a prime target for malicious online activity, ranking the country 40th for the number of bot-infected computers, 66th for phishing hosts, and 51st as a source of spam.

During the reporting period of 1 January  2007 to 30 June 2007, Symantec said it detected an increase in cyber criminals leveraging sophisticated toolkits to carry out malicious attacks. One example of this strategy was MPack, a professionally developed toolkit sold in the underground economy. Once purchased, attackers could deploy MPack’s collection of software components to install malicious code on thousands of computers around the world and then monitor the success of the attack through various metrics on its online, password protected control and management console. 

MPack also exemplifies a coordinated attack, which Symantec reported as a growing trend in the previous volume of the ISTR where cyber criminals deploy a combination of malicious activity.

Phishing toolkits, which are a series of scripts that allow an attacker to automatically set up phishing websites that spoof legitimate websites, are also available for professional and commercial cybercrime. The top three most widely used phishing toolkits were responsible for 42% of all phishing attacks detected during the reporting period.

“In the last several Internet Security Threat Reports, Symantec discussed a significant shift in attackers motivated from fame to fortune,” said Isaac.

“The Internet threats and malicious activity we are currently tracking demonstrate that hackers are taking this trend to the next level by making cybercrime their actual profession, and they are employing business-like practices to successfully accomplish this goal.”

During the reporting period, Symantec detected attackers indirectly targeting victims by first exploiting vulnerabilities in trusted environments, such as popular financial, social networking and career recruitment websites. Symantec observed 61% of all vulnerabilities disclosed were in web applications. Once a trusted website has been compromised, cyber criminals can use it as a source for distribution of malicious programmes in order to then compromise individual computers. This attack method allows cyber criminals to wait for their victims to come to them verses actively seeking out targets. 

Social networking websites are particularly valuable to attackers since they provide access to a large number of people, many of whom trust the site and its security. These websites can also expose a lot of confidential user information that can then be used in attempts to conduct identity theft, online fraud or to provide access to other websites from which attackers can deploy further attacks.       

During the first six months of 2007, Symantec observed an increase in the number of multi-staged attacks which consist of an initial attack that is not intended to perform malicious activities immediately, but that is used to deploy subsequent attacks. One example of a multi-staged attack is a staged downloader that allows an attacker to change the downloadable component to any type of threat that suits the attacker’s objectives. According to the ISTR, Symantec observed that 28 of the top 50 malicious code samples were staged downloaders. Peacomm Trojan, mostly known as Storm Worm, is a staged downloader that was also the most widely reported new malicious code family during the reporting period. In addition to serving as an attack toolkit, MPack is an example of a multi-staged attack that included a staged downloader component.

Amongst the additional key findings of the report:

• Credit cards were the most commonly advertised commodity on underground economy servers, making up 22% of all advertisements; bank accounts were in close second with 21%
• Symantec documented 237 vulnerabilities in web browser plug-ins. This is a significant increase over 74 in the second half of 2006, and 34 in the first half of 2006.
• Malicious code that attempted to steal account information for online games made up 5% of the top 50 malicious code samples by potential infection. Online gaming is becoming one of the most popular Internet activities and often features goods that can be purchased for real money, which provides a potential opportunity for attackers to benefit financially.
• Spam made up 61% of all monitored e-mail traffic, representing a slight increase over the last six months of 2006 when 59% of e-mail was classified as spam.
• Theft or loss of computer or other data-storage medium made up 46% of all data breaches that could lead to identity theft. Similarly, Symantec’s IT Risk Management Report found that 58% of enterprises expect a major data loss at least once every five years.  

For more information log on to www.symantec.com

MIDDLE EAST BUSINESS COMMENT & ANALYSIS

• Top news
• Business News
• Company News