Symantec: Cyber Criminals Target Home Users

The latest edition of Symantec’s Internet Security Threat Report finds that phishing attacks are becoming ever-more sophisticated sophisticated and increasingly targeting home users, while the number of vulnerabilities found in everyday Web browsing software saw a significant increase from January to June of 2006.

Overall, Symantec finds that cyber-attackers are increasingly shifting from network-based attacks and exploits designed to show off an attacker’s technical prowess to attacks aimed directly at everyday client-side software and which are specifically designed to obtain information which criminals may be able to exploit for financial gain. In the corporate world, this means information whcih can obtain unauthorized access to corporate networks and data; in the consumer realms, it means personally idenfitying information like names, addresses, identification information, account numbers, passwords, and more. Attacks are more likely to be low-profile, slow-spreading targetted attacks which are designed to propagate “under the radar” of major security firms (like Symantec, Sophos, and McAfee).

Among Web browsers, Symatec found that nearly half (47 percent) of browser-based attacks target Microsoft Internet Explorer, but that Mozilla browsers actually registered the greatest number of new vulnerabilities for the period (47, compared to 38 in Internet Explorer. Microsoft Internet Explorer also had the longest average period of vulnerability before patches were available (9 days); Apple managed five days, Opera two days, and Mozilla just one day. However, no one gets off easy: 80 percent of the new vulnerabilities were considered easily exploitable, and 78 percent of those vulnerabilities impacted Web applications.

Symantec also found that 86 percent of all targeted attacks went after home computer users, indicating cyber criminals are believe targeted phishing scams (which often rely on information amount individuals mined via search engines and crawlers) are a very effective use of their time and resources. Symantec tracked more thn 157,000 unique phishing messages during the first half of 2006—an increase of 81 percent—and each attack might consist of tens of thousands of individual messages.

Where do these criminals operate, and where do the attacks come from? The United States was ranked as the top country of attack origin, accounting for 37 percent of all attacks tracked by Symantec; similarly, the U.S. had the highest percent of bot network command-and-control servers, accounting for 42 percent. However, Beijing China was the city with the most bot-infected computers, and China itself accounted for 20 percent of bot-infected computers worldwide during the first half of 2006.