Cybercrime Increases in Scale, Sophistication: Symantec
The security software vendor's annual Internet report finds that cybercrime continued to increase in complexity and volume as the year progressed.
Symantec's annual Internet Security Threat Report should give enterprise customers and consumers plenty of cause for concern, considering that more and more people are actively participating in cybercrime and their efforts are becoming more targeted and disruptive than ever.
"Attackers have evolved from simple scams to highly sophisticated espionage campaigns targeting some of the world's largest corporations and government entities," Symantec's Stephen Trilling said in the report. "The scale of these attacks and the fact that they originate from across the world, makes this a truly international problem requiring the cooperation of both the private sector and world governments."
One of the more troubling developments this year, from a security standpoint, is the popularity and availability of attack toolkits available online that lower the barrier of entry for folks interested in pursuing cybercrime for a living.
Symantec security researchers said that one such do-it-yourself kit, Zeus (Zbot), simplifies life for hackers by automating the process of creating custom malware used to steal victims' personal information. And it only costs $700.
"Using kits like Zeus, attackers created literally millions of new malicious code variants in an effort to evade detection by security software," the report said.
Targeted malware campaigns became de rigueur in the cybercrime community in 2009, with international hacking syndicates zeroing in on specific companies, industries and government agencies.
Symantec said attackers are becoming especially skilled at leveraging a ton of personal information openly available on social networking sites to construct socially engineered attacks on key individuals within targeted companies.
There was also a sharp upturn in Web attacks targeted at PDF viewers, a tactic that accounted for almost half (49 percent) of observed attacks, according to Symantec's report. That's up from 11 percent in 2008.
For the year, Symantec said it identified more than 240 million new malicious programs, up 100 percent from 2008.
The company said its antivirus software thwarted roughly 100 potential attacks per second last year.
Finally, 88 percent of all e-mail sent last year was found to be spam. Of the 107 billion spam messages distributed in 2009, more than 85 percent were from botnets.