|
Numbers Don't Lie
Victims and statistics tell the story. An IBM survey released earlier this year of IT professionals shows that nearly 60 percent believe cybercrime results in more lost revenue, customers and worker productivity than physical crime.
The FBI/Computer Security Institute's annual survey of 700 information security professionals reveals that the average loss from unauthorized access to information shot up to $303,234 last year from $51,454 in 2004. At the same time, theft of proprietary information more than doubled to an average loss of $355,552. Research firm Computer Economics estimates that total worldwide damages from malware, including recovery costs and revenue loss, totaled $14.2 billion last year.
Botnets are the primary vehicle for hacker mayhem. Many bot programs have limited functionality until triggered by the host system. Once activated, bots download their malicious arsenal, including Trojans bearing keyloggers or auto-update capabilities that communicate with a third-party server.
According to Symantec's Internet Security Threat Report, nearly 11,000 new Windows viruses and worms were detected in the second half of 2005. Bot-related malware was up 43 percent over the first six months of 2005, and Symantec warns the next surge may be coming soon.
"Bad guys have perfected their bu...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
siness models," says malware expert and author Ed Skoudis. "If you go back 20 years, few crime organizations had IT departments. Now they do; and it more than pays for itself."
Stealthy and Social
Many of today's hackers aren't satisfied with mere pennies for each adware dropped or botnet rented. They want customer data and intellectual property; they want to infiltrate government agencies and steal precious secrets that, if let out, could endanger national security. A large manufacturing company (that did not want to be identified) reports constant network scans from China and Eastern Bloc nations, probing for engineering files that could be sold to the competition on the ever-fertile black market.
Money motivates hackers, but sophisticated skills are getting them inside the virtual walls of a corporation and enabling them to steal away undetected with their loot. Rootkits are the flavor-of-the-moment stealth technology-- some are bundled in spyware that exploits flaws in popular browsers like Internet Explorer. Rootkits mask the presence of malicious code and intrusions. Those that piggyback spyware could also drop keyloggers and provide root- level access to systems; most have auto-update capabilities. It's all about getting in and out quietly. The longer an attacker has system access, the longer he can poke around.
|
 |
|
