Stealth internet attacks on the rise
By Rene Millman,
The number of stealth attacks on internet users has grown steadily over the last six months and is set to continue, according to a new report.
The research carried out by IBM Internet Security Systems' X-Force research team identified and analysed more than 210,000 new malware samples, already exceeding the total number of malware samples observed over the entirety of 2006.
The research team also uncovered a thriving industry in managed exploit providers. These criminals buy exploit code from the underground, encrypting it to prevent others pirating the code before selling it on to spam distributors.
The criminals now lease the exploit to other gangs to test exploitation techniques while buyers make a smaller initial investment, mirroring the legitimate business model of managed service providers. The leasing of exploits is said to make the option more attractive to criminal gangs.
Trojans make up most malware discovered on the internet this year, accounting to 28 per cent of all malware. This compared to 2006 when downloader malware was the most common category.
"The X-Force security statistics report for 2006 predicted a continued rise in the sophistication of targeted, profit-motivated cyber attacks," said Kris Lamb, director of X-Force for IBM Internet Security Systems. "This directly correlates to the rise in popularity of trojans that we are witnessing this year, as Trojans are often used by attackers to launch sustained, targeted attacks."
Obfuscated malware also appears to be on the increase this year. This type of malware makes it difficult for signature-based intrusion detection and prevention products to detect attacks. In 2006, 50 per cent of websites hosting exploit material obfuscated their payload. This year that figure reached 80 per cent.
However, a slight decrease in the overall number of vulnerabilities was reported when the first half of this year was compared to the first half of last year. A total of 3,273 vulnerabilities were identified in the first half of this year, marking a decrease of 3.3 per cent compared to the first half of 2006.
According to the researchers, the increasing profitability of malware has meant that vulnerabilities are now remaining undisclosed as criminals use them to make money.
The full report can be found here.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
Who to trust after the VeriSign hack?
Davey Winder questions what data was stolen from VeriSign and wonders why the company hasn't been more forthcoming.
- Striving to solve the security skills crisis
- Would you employ a hacker or malware writer?
- Q&A: Raj Samani, CTO McAfee
- Erase and rewind: the EU and privacy
- My email address is [CENSORED]
- Is there such a thing as a secure tablet?
- 2011: The year in news
- BYOD: Old or new, good or bad?
- Are the cookie laws crumbling already?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Google releases Chrome for Android beta
- Will someone rid me of these troublesome Macs?
- OneNote hits Google?s Android
- BlackBerry Bold 9790 review
- Google sends in Bouncer to sort out malicious apps
- Ubuntu vs. Windows 7 on the business desktop
- Who to trust after the VeriSign hack?
- Head to Head: Mac OS X 10.7 Lion vs Windows 7
- ACTA: the basics, the controversies, and the future
- BT considering Ofcom price cap appeal
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
