Symantec released its latest Internet Security Threat Report volume XV. Here are some of its findings:
- Given the potential for monetary gain from compromised corporate intellectual property (IP), cybercriminals have turned their attention toward enterprises. The report found that attackers are leveraging the abundance of personal information openly available on social networking sites to synthesize socially engineered attacks on key individuals within targeted companies.
- Cybercrime attack toolkits have lowered the bar to entry for new cybercriminals, making it easy for unskilled attackers to compromise computers and steal information. One such toolkit calledZeus (Zbot), which can be purchased for as little as $700, automates the process of creating customized malware capable of stealing personal information. Using kits like Zeus, attackers created literally millions of new malicious code variants in an effort to evade detection by security software.
- 2009 saw dramatic growth in the number of Web-based attacks targeted at PDF viewers; this accounted for 49 percent of observed Web-based attacks. This is a sizeable increase from the 11 percent reported in 2008.
- In 2009, Symantec identified more than 240 million distinct new malicious programs, a 100 percent increase over 2008.
- 75 percent of enterprises surveyed experienced some form of cyber attack in 2009.
- It was estimated that Downadup was on more than 6.5 million PCs worldwide at the end of 2009. Thus far, machines still infected with Downadup/Conficker have not been utilized for any significant criminal activity, but the threat remains a viable one.