CUPERTINO, Calif. -- The latest Internet Security Threat
Report (ISTR), Volume XII released today by Symantec Corp. (Nasdaq: SYMC)
concludes that cyber criminals are increasingly becoming more professional -
even commercial - in the development, distribution and use of malicious code
and services. While cybercrime continues to be driven by financial gain,
cyber criminals are now utilizing more professional attack methods, tools
and strategies to conduct malicious activity.
"As the global cyber threat continues to grow, it has never been more
important to remain vigilant and informed on the evolving threat landscape,"
said Dan Lohrmann, chief information security officer, State of Michigan.
"Symantec's Internet Security Threat Report continues to provide us with
critical information on the most current online security trends, helping us
better protect our state's infrastructure and citizen information."
During the reporting period of Jan. 1, 2007, through June 30, 2007, Symantec
detected an increase in cyber criminals leveraging sophisticated toolkits to
carry out malicious attacks. One example of this strategy was MPack, a
professionally developed toolkit sold in the underground economy. Once
purchased, attackers could deploy MPack's collection of software components
to install malicious code on thousands of computers around the world and
then monitor the success of the attack through various metrics on its
online, password protected control and management console. MPack also
exemplifies a coordinated attack, which Symantec reported as a growing trend
in the previous volume of the ISTR where cyber criminals deploy a
combination of malicious activity.
Phishing toolkits, which are a series of scripts that allow an attacker to
automatically set up phishing Web sites that spoof legitimate Web sites, are
also available for professional and commercial cybercrime. The top three
most widely used phishing toolkits were responsible for 42 percent of all
phishing attacks detected during the reporting period.
"In the last several Internet Security Threat Reports, Symantec discussed a
significant shift in attackers motivated from fame to fortune," said Arthur
Wong, senior vice president, Symantec Security Response and Managed
Services. "The Internet threats and malicious activity we are currently
tracking demonstrate that hackers are taking this trend to the next level by
making cybercrime their actual profession, and they are employing
business-like practices to successfully accomplish this goal."
Symantec Corp. (Nasdaq: SYMC)