Internet domain registrar and infrastructure service provider VeriSign's bi-annual Net security report says online attacks are now more likely to be the organized work of gangs than the maverick work of individual crackers and hackers.
"A new generation of 'sophisticated hackers' is taking advantage of system exploits as part of larger information/identity theft attack efforts," the company said, announcing the report's publication November 16. "Additionally, [our] intelligence found that multiple pieces of malware were developed during the third quarter of 2004 to exploit mobile operating-system vulnerabilities. The briefing also notes a 150 percent growth in security events per device per day as compared to the third quarter of 2003."
VeriSign said online crime in the past twelve months has become more organized and directed toward specific financial reward, with spam efforts more aggressive against filtering solutions and continuing to be "the primary vector" for cybercrime – including advance fee fraud, phishing, and work-at-home schemes.
"Networks of captured machines or 'botnets' are now routinely used to deliver spam, which can help seed virus distributions and Distributed Denial of Service attacks," the company continued. "The report offers techniques to reduce email abuse, including spelling out special email characters such as the 'at' sign or period. Such measures prevent hackers from identifying and then harvesting large numbers of addresses using robots or spiders that scan the Internet for recognized email symbols. In addition, the report suggests the use of separate email accounts for newsgroups or discussion boards; this allows better monitoring and disposal of spam."
Covering July-September 2004, the report said security attacks have dipped in volume from the first two quarters of the year, though the volume remains higher than in the third quarter of 2003 and the level of potential damage continues to rise.
The highest volume of online fraud continues to come from the U.S., VeriSign said, with Vietnam and Indonesia placing second and third in volume while Macedonia (the former Yugoslav republic) topped the percentage of total fraudulent online transactions in the third quarter.
