Last week Symantec released its eighth Internet security threat report, for the period Jan. 1 to June 30.
According to Symantec regional director for sub-Saharan Africa, Patrick Evans, the report revealed a shift in the threat landscape across the globe, showing a move towards more focused attacks on users.
These threats, says Pieter van Niekerk, principal security consultant, Symantec Security Services, are motivated by financial gain, and the perpetration of criminal acts.
?Attackers are moving away from large, multipurpose attacks on network perimeters, toward smaller and more targeted attacks on host systems targets,? says Evans.
The key findings of the report all show increased figures, again emphasizing the need for security. Over the six-month period, there has been an increase in malicious code for financial gain, 64 percent of the top 50 malicious code samples reported allowed spam relaying. Van Niekerk says: ?We have also found that bot networks and custom bot code were available for purchase or rent, and we saw a 140 percent rise of active computers in a bot network.?
This, according to the company, is a serious security concern, because, as financial rewards increase, attackers will most likely develop more sophisticated and stealthier malicious code that will attempt to disable anti-virus software, firewalls, and other security measures.
A rise in confidential information exposure was also reported. In the case of credit card information and banking details being exposed, major financial losses can be experienced. As online transactions increase, so will the severity of these information theft threats.
The report states that incidences of malicious code which expose confidential information are up by 20 percent compared to the previous report.
Van Niekerk says that malicious code variants are rapidly increasing. He says that, over the first half of 2005, more than 10 866 new Win32 viruses and worms variants were identified -- an increase of 48 percent since late 2004, indicating a shift from mass-mailing worms, towards modular and customizable malicious code.
Phishing threats have increased a hundredfold since the end of 2004, and are expected to continue to do so, with phishers using more sophisticated methods to avoid detection.
The report also found 1 862 new vulnerabilities -- according to the company, the highest number ever recorded in the report. Ninety-seven percent of these vulnerabilities were classified as moderate or high, and 59 percent of all vulnerabilities were found in Web application technologies.
The report also noted that denial of service attacks grew by 808 per day, increasing by 680 percent since the previous reporting period. Education was the most frequently targeted industry, says Van Niekerk, followed by small business and financial services.
Van Niekerk says the frequency of modular malicious software is expected to increase, with bot networks expected to increase in number, diversity, and sophistication.
The report expects adware and spyware to appear more frequently on mobile devices, and to employ stealthier technology to avoid detection. VOIP threats are expected to emerge, as more enterprises converge data and voice networks.