Quiet, targeted and profit-driven. Those are the adjectives that describe the attacks now dominating the IT threat landscape, according to Symantec's latest Internet Security Threat Report, released today.
"Cybercrime is really at center stage," Dave Cole, director of Symantec Security Response, said in an interview last week. "The reality is we're dealing with cybercriminals, people out to steal your (personal) information."
The ninth edition of the semiannual report analyzed malicious code reported from more than 120 million desktop and gateway systems between July 1, 2005 and Dec. 31, 2005.
Among the key findings:
As attackers focus on specific targets to steal confidential information, they are striving to go unnoticed.
"They don't want to make a lot of noise," Cole said. "They want to be very stealthy, which is one of the trends we see going forward."
Particularly troubling is the shift toward modular malicious code: small, discrete pieces of code that infect a machine and stay unnoticed until they download and deploy their more destructive partners in crime.
"The sole goal is to get on a person's machine in very silent fashion, disable anti-virus software and then download its bigger brother," Cole said.
In a similar way, bot networks covertly take up residence on compromised systems, allowing an attacker to remotely control those machines and direct them to launch attacks. Although the report said the number of bot-infected machines is dropping, likely because administrators are implementing better security measures, bots still pose a significant threat, particularly in denial-of-service extortion attacks.
"Despite this drop, bots and bot networks continue to pose a serious security risk due to their ability to amplify attacks and the level of anonymity they provide an attacker," the report said.
And Symantec said it expects malicious hackers to increase their use of rootkits to evade security software and avoid detection.
The report also highlighted the need for enterprises to secure popular web applications, technologies that rely on a browser for their user interface.
Traditional security measures such as intrusion detection systems and firewalls do not always guarantee protection because they "allow web traffic onto a network by default," the report said.
"This could enable a successful attacker to then compromise an entire network by gaining access through a single vulnerable system," the report said. "Vulnerabilities in these technologies can also give an attacker access to confidential information from databases without having to compromise any servers."
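The report does not name the class of flaw behind that last sentence, but the textbook case is SQL injection in a browser-facing application: the request passes the firewall as ordinary web traffic, and the database hands over rows it was never meant to expose. The snippet below is an added illustration for this article, not code from Symantec or the report. It runs against an in-memory SQLite database; the table names, columns and sample rows are all constructed for the demo, and the `lookup_email_*` functions are hypothetical handlers.

```python
"""
Added example (not from the Symantec report or this article): a web-application
lookup handler written two ways against an in-memory SQLite database.
The vulnerable version builds SQL by string concatenation, so a crafted
username returns rows from a table the caller was never meant to read; the
hardened version binds the value as a query parameter. All table names,
columns and rows are constructed for the demo.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a throwaway in-memory database holding constructed sample data."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    # A second table the lookup handler has no business reading.
    cur.execute("CREATE TABLE card_numbers (id INTEGER, owner TEXT, pan TEXT)")
    cur.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [(1, "alice", "alice@example.test"),
                     (2, "bob", "bob@example.test")])
    cur.executemany("INSERT INTO card_numbers VALUES (?, ?, ?)",
                    [(1, "alice", "4111111111111111"),
                     (2, "bob", "5555555555554444")])
    conn.commit()
    return conn


def lookup_email_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: the request parameter is spliced straight into the SQL text."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_email_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: the value is bound as a parameter and is never parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# A constructed username that closes the string literal, appends a UNION that
# reads a different table, and comments out the trailing quote. It arrives
# inside an ordinary HTTP request, which a firewall admits by default.
PAYLOAD = "x' UNION SELECT owner, pan FROM card_numbers --"


def demo() -> tuple:
    """Run both handlers with the payload; returns (leaked rows, safe rows)."""
    conn = build_db()
    leaked = lookup_email_vulnerable(conn, PAYLOAD)   # card data from the wrong table
    safe = lookup_email_safe(conn, PAYLOAD)           # no user is literally named PAYLOAD
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable handler returned:", leaked)
    print("parameterised handler returned:", safe)
```

The point the report makes is visible in `demo()`: no server process was compromised and no firewall rule was broken, yet the vulnerable handler returns card numbers from a table the application never queries on purpose. The hardened version differs by one line; the database driver treats the bound value as data, so the same payload simply matches no user.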