Stealth internet attacks on the rise
By Rene Millman,
The number of stealth attacks on internet users has grown steadily over the last six months and is set to continue, according to a new report.
The research carried out by IBM Internet Security Systems' X-Force research team identified and analysed more than 210,000 new malware samples, already exceeding the total number of malware samples observed over the entirety of 2006.
The research team also uncovered a thriving industry in managed exploit providers. These criminals buy exploit code from the underground, encrypting it to prevent others pirating the code before selling it on to spam distributors.
The criminals now lease the exploit to other gangs to test exploitation techniques while buyers make a smaller initial investment, mirroring the legitimate business model of managed service providers. The leasing of exploits is said to make the option more attractive to criminal gangs.
Trojans make up most malware discovered on the internet this year, accounting to 28 per cent of all malware. This compared to 2006 when downloader malware was the most common category.
"The X-Force security statistics report for 2006 predicted a continued rise in the sophistication of targeted, profit-motivated cyber attacks," said Kris Lamb, director of X-Force for IBM Internet Security Systems. "This directly correlates to the rise in popularity of trojans that we are witnessing this year, as Trojans are often used by attackers to launch sustained, targeted attacks."
Obfuscated malware also appears to be on the increase this year. This type of malware makes it difficult for signature-based intrusion detection and prevention products to detect attacks. In 2006, 50 per cent of websites hosting exploit material obfuscated their payload. This year that figure reached 80 per cent.
However, a slight decrease in the overall number of vulnerabilities was reported when the first half of this year was compared to the first half of last year. A total of 3,273 vulnerabilities were identified in the first half of this year, marking a decrease of 3.3 per cent compared to the first half of 2006.
According to the researchers, the increasing profitability of malware has meant that vulnerabilities are now remaining undisclosed as criminals use them to make money.
The full report can be found here.
advertisement
Latest Security Features
Who should be Britain’s cyber security czar?
Experts reveal what a UK head of cyber security would need to do, while we put forward possible candidates for the role.
- The reality of movie technology
- Do smartphones need security software?
- Protecting the London 2012 Olympic Games
- Focus on... Flexible working
- Cyber policing and surveillance in Britain today
- How an FBI agent transformed Microsoft security
- Can security concerns kill cloud computing?
- GhostNet: Did the Chinese government hack the world?
- How poor web security nearly lead to a jail term
Latest Security Reviews
HP BladeSystem c3000 review: blade server
Rating: 
- CA ARCserve Backup r12.5 review
- FaceTime Communications USG530 - web filtering appliance review
- Guardium 7 – database security review
- Google Apps Premier Edition
- SmoothWall UTM-1000 review
- Lenovo ThinkPad USB Portable Secure Hard Drive
- LogRhythm LR-500-XM review
- EXCLUSIVE - eSoft ThreatWall 250
- Zebra RZ400 - RFID Printer
advertisement
Latest News Videos in Security
Video: Mobile security threats and Mac complacency
PlayPart two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?