The changing nature of cyber crime

Date: 19 September 2006
(ICT World)
Christo van Staden, director at Carrick Holdings
The digital age has given rise to a new breed of bounty hunter. While their modus operandi and equipment may differ substantially from that of their villainous predecessors, their motive is the same - immediate gain at another's expense...

Cyber crime is changing. Not only is the profile of the criminal quite different from what we have long understood to be the case, their motivation and techniques have developed, and are more sophisticated and sinister. Individuals and companies have to be proactive in their approach to defence.
 
According to the latest edition of the Symantec Internet Security Threat Report, attacks and malicious code dominate cyber crime, and the target has moved from being the network perimeter and is now Web browsers and Web applications.
 
Attackers are no longer isolated pockets of mainly disorganised individuals, whose chief aim is to test skills against security systems or digitally trespass and deface Web sites.
 
Today, cyber criminals are organised, in many cases part of syndicates, established to carry out threats to extract information for fraud, extortion and other criminal acts.
 
In terms of vulnerability trends, Symantec noted 1 896 new vulnerabilities, the highest recorded number since 1998, and Web application vulnerabilities made up 69% of all vulnerabilities during this period.
 
In addition, on average, 49 days elapsed between the disclosure of a vulnerability and the release of an associated patch by the vendor. The company also documented 40% more vulnerabilities in 2005 than in 2004.
 
The general trend points to an increase in vulnerabilities and companies are being forced to address this issue across the infrastructure.
 
According to the Report, the latter half of 2005 attracted more than 10 992 new Win32 viruses and worms. This was marginally up from the 10 886 in the first half of the year.
 
Sober.X was the most widely reported malicious code sample, followed by Nestky.P and Mytob.ED.
 
Other sobering facts documented in the report include Symantec having blocked 1,5bn phishing attempts, representing a 44% increase over the first half of 2005; and an average of 7,9m phishing attempts per day an increase of 39%.
 
As far as threat activity for the period July to December 2005 is concerned, Symantec has taken note of the following key trends, amongst others:
* The Microsoft SQL Server Resolution Service Stack Overflow Attack was the most common attack;
* An average of 39 attacks per day, down from 57 attacks per day in the first half of the year;
* During the last six months of 2005, the US was the source country of 31% of attacks, the most of any country;
* Financial services was the most frequently targeted industry;
* The average number of denial of service (DoS) attacks detected per day was 1 402, an increase of 51% from the first half of 2005.
 
In light of the overall increase in level and sophistication of attacks, companies have little choice but to be proactive in their approach to IT security.
 
The integration of technology and systems must take into consideration critical business requirements, and incorporate the roles of people, processes and procedures.
 
At the end of the day, there are options, solutions and strategies that businesses and individuals can utilise to defend themselves against attacks and avoid a potentially painful lesson.