Public sector faces growing security threat - Symantec

 

Gallery

Posted on 19 Mar 2007 at 14:08

Symantec has released the latest edition of its Threat Report for the last six months of 2006, highlighting an increased threat to the government sector.

The study showed that a quarter of data breaches involved information held by government or its agencies, with education second with 20 per cent, followed by the health sector with 14 per cent.

Most data breaches - 54 per cent - were the result of theft or loss of either a computer or other hardware, such as a USB stick.

Symantec's Security Architect for Advanced Threat Research, Ollie Whitehouse, said that 'Activity has moved away from compromising machines for compromising's sake,' into the realm of 'industrial espionage' and 'identity theft'.

He said that if there was one thing that could be done to make an impact on security issues it would be make sure data is encrypted. 'One should think about the security of data while in transit,' he said. 'Encrypting that data would remove 50 per cent of breaches from those sources.'

Governments were also the prime target of Denial of Service attacks, accounting for 30 per cent of all detected attacks.

Whitehouse said that: 'Government is a relatively soft target compared to finance... Government agencies that do collect databases of information store it in lots of different places. Because they hold so much information, lots of separate groups need access to it, so there are several routes in.'

Other trends include a 'shift in botnet construction' to fewer but larger networks. This is in conjunction with a 25 per cent drop in numbers of command and control servers used to marshal the activities of them.

The viral landscape continues its trend towards more numerous, short-lived Trojans. Numbers in the top 50 malicious code report grew from 23 per cent to 45 per cent.

'There are more Trojans,' agreed Whitehouse. 'But what's of real concern is that they're still working. That [user education] message isn't getting through.'

And the increasing use of 'confidence trick type approaches' continues to dupe users into running email attachments.

But behind all of the trends observed by Symantec is the growing awareness of the opportunities for financial gain in cyber criminality.

'We've seen a number of trends over the past six months, but what is startling is the level of co-ordination,' said Whitehouse. 'That side of the industry has grown up as it has become evident that this is a low-risk criminal activity to perform.'

Symantec has been monitoring the various underground economy servers to which people pay for access with lists of PIN numbers, credit card information and other sensitive details all for sale.

Most of these are located in the US, but Sweden ranks second and Canada third. Prices are cheap, too. US credit card details including security verification value are as little as 52p each. UK credit cards cost a little more with prices from £1.03. Entire US identities will set you back at least £7.22. After an infected computer? £3.09. Details of an online bank account with nearly $10,000? £154.64.

Symantec is faced with the obligation to have such servers shut down. However, Whitehouse said that this would result in the server simply being moved elsewhere. Far more effective is to monitor the servers and inform the authorities of the compromised data it finds.

Spam too remains on its upward path, with volumes up 50 per cent, and pump and dump scams making up 20 per cent - again with the motivation of making money via a scam rather than the small odds that the recipient will actually buy advertised goods.