Hackers are after your money, warns Symantec

Unpatched and vulnerable systems are open to hackers seeking financial gain, Symantec has warned in its latest report
Written by Abby Dinham, Contributor

E-commerce has emerged as the "single most targeted industry" according to the latest Internet Security Threat Report from security software provider Symantec, with hackers now appearing to be motivated by economic gain rather than notoriety.

The bi-annual report traced Internet attack trends from 1 January to 30 June this year, it said, also studying vulnerabilities and malicious code activity in more than 180 countries.

The managing director of Symantec, John Donovan, said the latest report demonstrates that exploits are being created faster than ever. However, he told ZDNet Australia today the increase is attributed more to a rise in threat variants than new viruses.

"We have certainly seen variants before but not at this rate," he said, "generally the number of standard viruses is the same."

Donovan said the focus on e-commerce by hackers "illustrates the basic shift in the style of code that is being created".

"We have seen a pretty rapid shift in the style of threats by hackers as they focus more on key-logging and phishing scams for financial gain," he said.

"Companies using e-commerce also retain a lot of data about customers, account numbers and personal information, and a lot of smaller businesses conducting transactions online don't put the money into security, so they become easy targets," said Donovan.

According to Donovan, many small businesses still do not have an "appropriate level of security".

The report found that e-commerce accounted for 16 percent of all the attacks registered, marking an increase of 300 percent from the 4 percent it accounted for in the previous report.

According to Symantec, attacks against Web application technologies have also become popular in the last six months. The company said the applications are "appealing targets for hackers", due to their "widespread deployment within organisations and the relative ease with which they can be exploited".

"Web applications allow attackers to gain access to the target system simply by penetrating one end-user's computer, bypassing traditional perimeter security measures," Symantec said in a statement released on Tuesday.

Donovan singled out Internet Explorer as featuring among the most targeted Web applications by hackers.

"Applications like Internet Explorer are often deployed and then patches are not thought about for them, making them an easy target," he said. "People tend to focus more on Web site attacks and email but Web application vulnerabilities are not high profile."

The report also revealed that the time between the identification of a vulnerability and the release of code to exploit it has been cut to an average of 5.8 days, which it said gives organisations one week to patch a vulnerable system.

"Once an exploit has been released, the vulnerability is often widely scanned for and quickly exploited," the company said.

According to Donovan the turnaround time for hackers had increased incredibly in the last three years.

"In 2001 there was a time frame for vulnerability and exploit release of 120 days, now it's five to six days," he said. "Patches take about 30 days to deploy once the system is checked. People need better warning systems and better management systems to accelerate patch deployment."

Symantec also recorded a rise in the detection of bots -- "programs that are covertly installed on a targeted system", according to the company, allowing the hacker to control the computer remotely -- from 2,000 detections per day to more than 30,000. The number peaked at 75,000 in one day.

However, Donovan said the rise in bot activity is usual as bot statistics change on a "fairly regular basis".

Symantec said the emergence rate of new "easy-to-exploit" vulnerabilities has also increased in the last report period, with more than 1,297 documented, averaging out to 48 new vulnerabilities per week.

"Seventy percent of these vulnerabilities were considered easy to exploit, and 96 percent were considered moderately or highly severe," the company said.

"Consequently, organisations must contend with an average of more than seven new vulnerabilities per day, and a significant percentage of these vulnerabilities could result in a partial or complete compromise of the targeted system."

Topping the ranks as the most popular attack threat was the "Slammer worm", according to the report, with 15 percent of the attacks. Gaobot and its variants were the second most prevalent attack, recording a 600 percent increase over the report period.

Donovan said the fact that the virus is still around -- it was first introduced in 2003 -- shows that "people aren't getting their systems patched".

The United States came in as the most productive country of hacker activity again, as it has all the years the report has been carried out, said Donovan, with 37 percent of attacks sourced from the country. Despite its number one position, the statistic represents a drop from 58 percent in the previous six months for US hacker activity.

Hacker activity sourced to Australia reportedly increased in the past report period, to 4.8 percent of the total.

Donovan said although Australia's percentage of worldwide hacker activity is very small, the figures have steadily increased across the last three reports.

"It was 1.3 percent, then 2.6 percent in the last report and now 4.8 percent in this report," he said, adding that the figure points to the "last known source of the attack", not necessarily the original source.

Symantec said malicious code also increased by more than 4.5 times the number it was in the same period in 2003, equating to over 4,496 new Windows viruses and worms, with most aimed at the Win32 operating system.

"Peer-to-peer services (P2P), Internet relay chat (IRC), and network file-sharing continue to be popular propagation vectors for worms and other malicious code," the company said. "Adware is becoming more problematic, making up six of the top 50 malicious code submissions."

Donovan predicts that phishing and spam will increase by the next report, and open-source software, such as Linux, will become a bigger target on the hacker agenda.

"We're seeing an attempt in exploiting Linux environment and as it becomes more widely deployed it will become more of a target," he said.

Donovan adds that spyware and viruses targeting portable and Bluetooth devices will also become more prevalent.

ZDNet Australia's Abby Dinham reported from Sydney.