Stealth internet attacks on the rise
By Rene Millman,
The number of stealth attacks on internet users has grown steadily over the last six months and is set to continue, according to a new report.
The research carried out by IBM Internet Security Systems' X-Force research team identified and analysed more than 210,000 new malware samples, already exceeding the total number of malware samples observed over the entirety of 2006.
The research team also uncovered a thriving industry in managed exploit providers. These criminals buy exploit code from the underground, encrypting it to prevent others pirating the code before selling it on to spam distributors.
The criminals now lease the exploit to other gangs to test exploitation techniques while buyers make a smaller initial investment, mirroring the legitimate business model of managed service providers. The leasing of exploits is said to make the option more attractive to criminal gangs.
Trojans make up most malware discovered on the internet this year, accounting to 28 per cent of all malware. This compared to 2006 when downloader malware was the most common category.
"The X-Force security statistics report for 2006 predicted a continued rise in the sophistication of targeted, profit-motivated cyber attacks," said Kris Lamb, director of X-Force for IBM Internet Security Systems. "This directly correlates to the rise in popularity of trojans that we are witnessing this year, as Trojans are often used by attackers to launch sustained, targeted attacks."
Obfuscated malware also appears to be on the increase this year. This type of malware makes it difficult for signature-based intrusion detection and prevention products to detect attacks. In 2006, 50 per cent of websites hosting exploit material obfuscated their payload. This year that figure reached 80 per cent.
However, a slight decrease in the overall number of vulnerabilities was reported when the first half of this year was compared to the first half of last year. A total of 3,273 vulnerabilities were identified in the first half of this year, marking a decrease of 3.3 per cent compared to the first half of 2006.
According to the researchers, the increasing profitability of malware has meant that vulnerabilities are now remaining undisclosed as criminals use them to make money.
The full report can be found here.
advertisement
Latest Security Features
IT around the world: Russia
In the first of an on-going series examining IT markets around the globe, we look at whether investing in Russia is worth the risk – and how to go about it the right way.
- Chinese web control an Olympic challenge for tech firms
- SOS Bletchley Park
- Where will IT be in 2015?
- Q&A: John Stewart, Cisco's chief security officer
- NHS IT - something to celebrate?
- Q&A: Tom Ilube, head of Garlik
- Ten of the most infamous ‘black hat’ hackers
- USB Flash Disks: A modern day business curse?
- Creating a mobile data management policy
Latest Security Reviews
AVG Internet Security SBS Edition 8.0
Rating: 
- Finjan Vital Security Web Appliance NG-6000S
- LogLogic MX2010
- Exclusive: WatchGuard Firebox Core X750e
- Sophos ES4000 Security Appliance
- Microsoft Forefront Security for Exchange and SharePoint
- EXCLUSIVE: Juniper Networks SSG 550 UTM appliance
- EXCLUSIVE: Arbor Networks Peakflow X 3.7
- EXCLUSIVE: Check Point UTM-1 1050
- EXCLUSIVE: Finjan Vital Security NG-5100
advertisement
Latest News Videos in Security
Video: Q&A with Richard Archdeacon, Symantec
PlayIT PRO speaks to Richard Archdeacon, director, global services, at the information security software vendor Symantec.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?