Symantec warns that the public sector faces growing security threats

gallery

Security specialist Symantec has released the latest edition of its Threat Report for the last six months of 2006, highlighting an increased threat to the government sector.

The study showed that a quarter of data breaches involved information held by government or its agencies, with education second with 20 per cent, followed by the health sector with 14 per cent.

Most data breaches - 54 per cent - were the result of theft or loss of either a computer or other hardware, such as a USB stick.

"Activity has moved away from compromising machines for compromising's sake," said Symantec's security architect for Advanced Threat Research, Ollie Whitehouse.

Instead the activity has moved into the realm of 'industrial espionage' and 'identity theft'.

Whitehouse said that if there was one thing that could be done to make an impact on security issues it would be make sure data is encrypted.

"One should think about the security of data while in transit," he said. "Encrypting that data would remove 50 per cent of breaches from those sources."

Governments were also the prime target of Denial of Service (DoS) attacks, accounting for 30 per cent of all detected attacks.

Whitehouse said: "Government is a relatively soft target compared to finance... Government agencies that do collect databases of information store it in lots of different places. Because they hold so much information, lots of separate groups need access to it, so there are several routes in."

Other trends include a 'shift in botnet construction' to fewer but larger networks. This is in conjunction with a 25 per cent drop in numbers of command and control servers used to marshal the activities of them.

The viral landscape continues its trend towards more numerous, short-lived Trojans. Numbers in the top 50 malicious code report grew from 23 per cent to 45 per cent.

"There are more Trojans," agreed Whitehouse. "But what's of real concern is that they're still working. That [user education] message isn't getting through."

And the increasing use of 'confidence trick type approaches' continues to dupe users into running e-mail attachments.

But behind all of the trends observed by Symantec is the growing awareness of the opportunities for financial gain in cyber criminality.

"We've seen a number of trends over the past six months, but what is startling is the level of co-ordination," said Whitehouse.

"That side of the industry has grown up as it has become evident that this is a low-risk criminal activity to perform."

Symantec has been monitoring the various underground economy servers to which people pay for access with lists of PIN numbers, credit card information and other sensitive details all for sale.

Most of these are located in the US, but Sweden ranks second and Canada third. Prices are cheap, too. US credit card details including security verification value are as little as 52 pence each. UK credit cards cost a little more with prices from £1.03. Entire US identities will set you back at least £7.22. After an infected computer? £3.09. Details of an online bank account with nearly $10,000? £154.64.

Symantec is faced with the obligation to have such servers shut down. However, Whitehouse said that this would result in the server simply being moved elsewhere. Far more effective is to monitor the servers and inform the authorities of the compromised data it finds.

Email to a friend

Print this page