Internet Crime on the Rise, Focused on Desktops

[inline:1]First half of 2005 has seen a steep rise in online criminal activities of all sorts, mostly fueled by security flaws of softwares. Antivirus company Symantec published the eighth Internet Security Threats Report with six months of data indicating the recent attacks were made for earning money and that threats towards desktops exceeded those towards institutions.

Between Jan. 1 and June 30, malicious software code that revealed confidential information represented 74 percent of the top 50 malicious code samples reported to software security firm Symantec, up from 54 percent in the previous six-month period.

"Whereas traditional attack activity has been motivated by curiosity and a desire to show off technical virtuosity, many current threats are motivated by profit," according to the semiannual Internet Security Threat Report released Monday by Symantec.

While information theft is on the rise, the ability of viruses and worms to spread has been limited because corporations are promptly patching known security flaws in their software, the company said.

Identity theft is often accomplished by phishing, in which a bogus e-mail message directs the recipient to an imitation Web site that mimics the appearance of a bank or Internet merchant Web site. Consumers are asked to "update" or "confirm" their personal information, and in doing so unwittingly disclose Social Security, credit card or bank account numbers. Phishing attempts are up 100 percent in the past six months, Symantec said.

Meanwhile, vulnerabilities in programs were uncovered in record levels. Almost half of these vulnerabilities were classified as "high severity" by Symantec. Almost 60% were in Web applications. "Web applications are an underestimated risk," report editor Dean Turner says, noting that bugs that exploit these vulnerabilities are simple and easy for hackers to find.

Symantec also saw an increase in the number of targeted attacks. The most frequently targeted business sectors are small business, followed by accounting and education. Small businesses account for 38% of all attacks, despite a Small Business Technology Institute study that reported 80% of small businesses think they have sufficient security in place.