Symantec Internet Security Threat Report XII

September 24, 2007

Symantec's Internet Security Threat Report Volume XII has been released, covering the six-month period from January 1 to June 30, 2007. Among its highlights:

Increased professionalization and commercialization of malicious activities
As attack activity has become more profit-driven, many aspects of it have become professionalized and commercialized. To meet the needs of what has become a multi-billion dollar criminal industry, the development and distribution of many malicious activities has become professionalized and commercialized over the past two years.

Threats are increasingly tailored for specific regions
Attackers are currently focusing more on targets that share a common language, infrastructure, and/or online activity. Whereas earlier threat activity was predominantly global in nature, the expansion of broadband Internet into areas that have traditionally not been served by high-speed connectivity has given attackers new targets for attack activity.

Increasing number of multistaged attacks
There is an increasing number of activity that incorporates multistaged attacks. These are attacks in which an initial, low-profile compromise is used to establish a beachhead from which subsequent attacks are launched.

Attackers targeting victims by first exploiting trusted entities
Attackers are no longer actively seeking out their intended victims, rather they are now attempting to entice their victims to come to them. Instead of trying to break into the computers of targeted users, attackers are now compromising trusted sites and/or applications. When the end user visits that site or uses that application, the attacker is able to compromise the user's computer.

Convergence of attack methods
Attackers are now consolidating diverse attack methods to create global networks that support coordinated malicious activity. There is a convergence of the various components of attack activity that is due to the increased interconnectivity and cross-functionality of the various malicious activities.

Additionally, Symantec predicts that an increasing number of attacks in the future will be targeted towards virtual worlds (ex: World of Warcraft, Second Life, etc.), that malware will start using advanced techniques such as x-morphism in order to evade detection and analysis attempts, that attackers may begin researching into new techniques such as mash-ups in order to circumvent the same origin policy (SOP) in Web browsers, and that bots and bot networks will likely be used in an increasingly diverse number of ways in the near future.

Symantec's full 134 page Internet Security Threat Report Volume XII can be downloaded here.