Symantec has released its annual Internet Security Threat Report. Its coverage of Internet attacks, vulnerabilities, malware, phishing, spam, and trend in the Internet security area is a must read for security and legal professionals. Here are some of the highlights.

Phishing, Spam, and Security Risks

• The Symantec Probe Network detected 157,477 unique phishing messages, an increase of 81%.
• Financial services was the most heavily phished sector, accounting for 84% of phishing activity.
• Spam made up 54% of all monitored email traffic, up from 50% in the last period.
• The most common type of spam detected in the first six months of 2006 was related to health services and products.
• Fifty-eight percent of all spam detected worldwide originated in the United States
• Eight of the top ten reported security risks were adware programs.
• Three of the top ten new security risks are what Symantec calls “misleading applications.

Attack Trend Highlights

• Microsoft Internet Explorer was the most frequently targeted Web browser, accounting for 47% of all Web browser attacks.
• Symantec observed an average of 6,110 DoS attacks per day.
• The United States was the target of the most DoS attacks, accounting for 54% of the worldwide total.
• The Internet service provider (ISP) sector was the most frequently targeted by DoS attacks.
• China had the highest number of bot-infected computers during the first half of 2006, accounting for 20% of the worldwide total.
• The United States had the highest percentage of bot command-and-control servers with 42%.
• Beijing was the city with the most bot-infected computers in the world.
• The United States ranked as the top country of attack origin, accounting for 37% of the worldwide total.
• The home user sector was the most highly targeted sector, accounting for 86% of all targeted attacks.

Read the full report (120 pages).

A new emerging cyber-threat  has been reported by antivirus and computer security vendors - installation of ‘ransomware’ on victims’ computers or servers which encrypts information on the affected machines and the subsequent demand of payment by attackers to release the information. The folks at Kaspersky Labs claim that they have seen an increase in ransomware but they deny that this problem has reached ‘epidemic’ levels. Among the main concerns is the increased encryption strength that has been noted over the past months - previously attackers used relatively weak encryption (56-bit) but recent ransomware has started using 660-bit encryption key, making any information recovery practically impossible.

A recent ransomware incident in Great Britain indicated the growing trend of ransomware attacks and the inability of law enforcement to deal properly with such incidents. Earlier this year, a Manchester woman unintentionally downloaded a trojan program which encrypted her files with a 30-character password and placed a note suggesting that she should not go to the police but instead buy pharmaceutical products in order to get the password and restore her files.

When she decided to report the incident to the police, her claim was met with shrug and an inadequate explanation by law enforcement,

We aren’t investigating the incident as it’s an Internet crime, and not within the GMP area — technically it’s international. Trying to find who did this it would be a monumental task. [statement by Greater Manchester Police spokeswoman]

Although the difficulties in tracking and prosecuting this case are enormous, it is very wrong for law enforcement to send the message that tracking the criminals is difficult or impossible. In groundbreaking and novel cases such as this one, law enforcement should put extra time and effort in making sure the trend stops, and not unintentionally encourage it.

According to a new study by AOL and NCSA,

roughly one in four U.S. Internet users are targets of phishing attacks–phony e-mails seeking personal financial data–according to a study conducted by Time Warner’s Internet unit AOL and the National Cyber Security Alliance.

Only 1 in 4? Considering that 100% (or close to it, anyway) of Net users receive spam, it is surprising that only 25% have been identified as receivers of phishing attacks. After all, it is often the same guys who fill our inbox with medication offers or mortgage deal-of-a-lifetime who graduate into sending phish email attacks.

The study showed that 81 percent of home PCs lack either updated computer software, spyware protection or a secure firewall.

And this explains why home networked PCs are the #1 source of spam, phish, or other Internet garbage.

[Via CNET News.com, United States -]

Maybe it is just because of the bad name and publicity that Nigeria received because of the so-called "Nigerian" scams (aka 419 scams) but Nigeria has announced efforts to curb scams originating there.

419 and other Nigerian variants of cybercrime have done unquantifiable
damage to Nigeria’s image and credibility. The government has resolved
to deal a fatal blow to the cybercrime networks operating from Nigeria
and the West African sub-region.

–

Nuhu Ribadu, the executive chairman of the Economic and Financial Crimes Commission of Nigeria

How is Nigeria going to "deal [the] fatal blow" to cybercrime networks? According to Mr. Ribadu, Nigeria "will  monitor cybercafes and take on a ’significant’ number of cases against such criminals based in Nigeria." I am not sure what is Nigeria’s record on privacy, but this sounds just as an excuse to monitor what Nigerians are doing online and with whom they are communicating. Prosecution of cyberscams is fine, but are there sufficient laws for this? If there are laws, why weren’t they enforced so far, and if there are no laws, why is this not the first step?

[Via CNET News.com, United States -]

News.com has a guide (more like a short explanation) to the common cyber scams that are most commonly reported to the Internet Fraud Complaint Center (under FBI.)

[Via CNET News.com, United States -]

Not necessarily illegal under current laws, but highly annoying and potentially dangerous practice by online scammers is gaining speed and attention. Typosquatters are people who register a domain name which is just a slight variation (usually misspelling) of a famous domain name hoping to attract users inadvertently misspell the name of a large or popular domain name. After being shown a page full of sponsored links, often provided by Google AdSense, the user often clicks on one of the paid links and generates a profit for the typosquatter.

Typosquatters register hundreds or thousands of domain names with variations of popular domains hoping to attract a larger number of users and obtain a larger profit of misspelled domain names. While in most cases there is no damage to the user (who only has to make an extra click to go to the desired site,) a typosquatter can easily deliver a page that looks like the intended domain and then possibly phish the users to submit personal or financial information.

The individual companies and domain name owners have little recourse other than buy the domain names themselves (if they thought about this early enough) or fight the typosquatter under the domain registrar agreements (usually arbitration) for each domain name - a costly and time-consuming endeavor, considering the amount of typosquatted domain names that an organization might have.

Oops. Microsoft executives ought to use Microsoft software, correct? A report on how Microsoft UK’s chief security advisor Ed Gibson’s PC became infected with a rogue dialler which then dialed long-distance numbers for a bill of £450.

Rogue diallers are programs, similar to trojans, that somehow (usually via spyware or via trickery) become installed on a victim’s computer and which then use the PC’s modem to dial premium rate long-distance (or international) numbers.

"I’m so perturbed about the whole area of rogue diallers… If we don’t
make a concerted effort to make the internet more secure, it will be a
very different place in the future," said Gibson, the MS UK executive at a security conference.

How about making Windows more secure, Mr. Gibson, so that the diallers don’t end up on people’s machines at first place, that would make the Internet a more secure place?

[Via Silicon.com, UK -]

Do people still believe the Nigerian scam? Apparently so. L.A. Times reports how a California record producer was duped into taking part of the scam and was eventually asked for the $50,000 repayment by the scammers.

Although the article notes the increased sophistication of the Nigerian
(and other) scammers, it nonetheless criticizes victims for being
"suckers."

Andrew Jaquith, a senior analyst at research firm Yankee Group, said that P.T. Barnum was slightly wrong when he said there was a sucker born every minute – there are hundreds.

[Via InternetNews.com -]

An amazing story, which I hope is true, but even if it isn’t, it makes a good anecdote.

A woman’s home was burglarized and her computer stolen. She had
subscribed to a Web-based service that transparently backed her files
up to a server, and when the thief reconnected her machine to the
network, the backup program quietly resumed operation. Since she
retained access to her account, the woman was able to log onto the
server and view the files being backed up from her (erstwhile) PC. So
she has the name and address of the thief as well as (and this blows me
away) digital pictures of him and his immediate family.

Amazing how stupid criminals can be. Unfortunately, there seems to be issue with the chain of evidence that prevents the police from being able to obtain an arrest warrant.

[Via ZDNet -]

A survey by the Computer Security Institute shows that although the losses by cyber crime are down, the frequency of the attacks has increased over the past year. The average dollar loss per incident in 2004 was $204,000 (a 61% drop from 2003.)

The breakdown of the losses, according to the survey is:

• viruses, $42.8M
• unauthorized access, $31.2M
• proprietary info theft, $30.9M
• denial of service, $7.3M
• insider ‘Net’ abuse, $6.9M
• laptop theft, $4.1M
• financial fraud, $2.6M
• misuse of public web application, $2.2M
• system penetration, $0.8M

[Via InternetNews.com -]

« Previous entries