Cybercriminals innovate to fuel the underground economy

21 Apr 2010

Bangalore: Criminals from the Internet's underground economy aren't content just to steal money from ordinary users; they are increasingly focusing their efforts on high-end crime, reveals net security firm Symantec Corp's latest Internet Security Threat Report: volume XV, released today.

The report highlights key trends in cybercrime from 1 January 2009 to 31 December 2009 and reveals continued growth in both the volume and sophistication of cybercrime attacks.

"Attackers have evolved from simple scams to highly sophisticated and focused campaigns," said Vishal Dhupar, managing director, Symantec, India. "The scale of these attacks and the fact that they originate from across the world makes this a truly international problem requiring global cooperation."

Trends in cybercrime:

  • Cybercriminals have turned their attention toward enterprises, given the potential for monetary gain from compromised corporate intellectual property (IP). The report found that attackers are leveraging the abundance of personal information openly available on social networking sites to synthesise socially engineered attacks on key individuals within targeted companies.
  • Web-based attacks continued to grow unabated. Today's attackers leverage social engineering techniques to lure unsuspecting users to malicious websites. These websites then attack the victim's web browser and vulnerable plug-ins normally used to view video or document files.

In 2009, India ranked second as the origin of Web-based attacks in Asia-Pacific-Japan (APJ), with 16 per cent of the APJ total.

This is a significant increase from the previous reporting period, when India accounted for less than one per cent of Web-based attacks in the region. Globally in 2009, India ranked seventh with three per cent of the worldwide total.

  • Credit card information remains the most frequently advertised data by cybercriminals. Stolen credit card information can be quickly and easily used to purchase goods online where relatively minimal card information is required to authorise transactions. In addition to physical goods purchased online for subsequent delivery, criminals can purchase digital goods such as domain registrations, music, software, and gift certificates for online stores, which they receive immediately.
  • Malicious activity takes root in emerging countries. According to the Internet and Mobile Association of India, internet usage in the country has risen by 20 per cent in the last year alone, with people progressively spending more time online. Additionally, Indians are increasingly accessing and editing sensitive information from their workstations/PCs, from home and in transit through their laptops, netbooks or smartphones. India's surge in malicious activity in 2009 has moved the country from 11th for overall malicious activity in 2008 to fifth in this period. The report also indicated that countries with emerging broadband infrastructure may continue to account for larger percentages within specific categories.

Highlights from the report (India):

  • India saw an average of 788 bots per day during 2009. There were 62,623 distinct bot-infected computers observed in the country during the period. Amongst the cities in India with the highest number of bot-infected computers, Mumbai figured at the top with 50 per cent, followed by Delhi at 13 per cent and Hyderabad at 7 per cent. Cities like Bangalore (6 per cent), Cochin (5 per cent), Chennai (4 per cent), Ahmadabad (2 per cent) and Pune (3 per cent) too had a sizeable share of bot-infected computers.
  • Top malicious code propagation vectors. 71 per cent of malicious code was propagated through file sharing/executables, 35 per cent through file transfer/CIFS (Common Internet File System) and 17 per cent through remotely exploitable vulnerabilities. Other popular means included file transfer/e-mail attachment, file transfer/IMs, SQL, backdoors, etc.
  • Malicious code types. A continuing trend for Internet users in India is a threat landscape heavily infested with worms and viruses. The percentage of worms in India, at 51 per cent, is higher than the APJ regional average of 40 per cent. 26 per cent of the malicious code in India consisted of viruses, versus the APJ average of 16 per cent. Trojans (19 per cent) and backdoors (3 per cent) were the other prominent malicious code types in the country.
  • Trends in spam and phishing. India is the third-highest spam-originating country in the world, contributing four per cent of worldwide spam volumes. In the APJ region, however, India ranked first and contributed 21 per cent of the regional total. Six per cent of the world's spam zombies and 28 per cent of the APJ regional spam zombies resided in India. One per cent of the world's phishing hosts and 7 per cent of the regional phishing hosts were in India.

ISTR Global Highlights:

  • Malicious code is more rampant than ever. In 2009, Symantec identified more than 240 million distinct new malicious programs, a 100 per cent increase over 2008.
  • Top threats. The Sality.AE virus, the Brisv Trojan and the SillyFDC worm were the threats most frequently blocked by Symantec security software in 2009.
  • Downadup (Conficker) still very prevalent. It was estimated that Downadup was on more than 6.5 million PCs worldwide at the end of 2009. Thus far, machines still infected with Downadup/Conficker have not been utilised for any significant criminal activity, but the threat remains a viable one.
  • Another turbulent year for spam. In 2009, spam made up 88 per cent of all e-mail observed by Symantec, with a high of 90.4 per cent in May and a low of 73.7 per cent in February. Of the 107 billion spam messages distributed globally per day on average, 85 per cent were from botnets. The 10 major bot networks, including Cutwail and Mega-D, now control at least 5 million compromised computers. Throughout 2009, Symantec saw botnet-infected computers being advertised in the underground economy for as little as 3 cents per computer.