Cybercrime Toolkits for Neophytes Pose a Global Threat - Yahoo! News
The ready availability of attack toolkits is making it easier than ever for even neophyte attackers to compromise computers and steal information, Symantec says in a new Internet security report released Monday. Social-networking sites are also providing cybercriminals with the means to launch attacks on enterprises by leveraging the abundance of personal information available about key corporate executives.
According to Symantec, 75 percent of the enterprises it recently surveyed had experienced some form of cyberattack in 2009. One reason is the increasing popularity of online banking, which Symantec credited with boosting threats to confidential files from 83 percent in 2008 to 98 percent last year.
"Attackers have evolved from simple scams to highly sophisticated espionage campaigns targeting some of the world's largest corporations and government entities," said Symantec Senior Vice President Stephen Trilling. "The scale of these attacks -- and the fact that they originate from across the world -- makes this a truly international problem requiring the cooperation of both the private sector and world governments."
Attack Toolkits
The advent of inexpensive cybercrime attack toolkits has lowered the bar to entry, Trilling noted. For example, a Zeus (Zbot) toolkit priced around $700 -- or in some cases available for free download -- automates the process of creating customized malware capable of stealing personal information.
Variants of the Zeus kit use spam to lure surfers to a web site that uses social engineering or that exploits a browser vulnerability to install the bot on a victim's computer, Symantec said.
"The bot then allows remote access to the computer and can be used to steal information such as the user's online banking credentials," the report noted. "Each bot can then be used to send additional spam runs to compromise new users."
Moreover, attackers have learned to employ social-engineering techniques to lure unsuspecting users to malicious web sites that attack the victim's browser as well as vulnerable plug-ins for viewing videos and documents. During 2009, PDF files accounted for 49 percent of all observed web-based attacks -- up from 11 percent in 2008.
Symantec believes it likely that attackers are targeting browsers and PDF reader plug-ins because the two technologies are among the most widely deployed on the Internet. On the browser side, Symantec reported 169 vulnerabilities for Mozilla's Firefox browser in 2009, versus just 45 for Internet Explorer. Nevertheless, IE likely remained the most attacked browser last year, Symantec said, because of IE's commanding market share worldwide.
Enterprise Responses
Given the rising sophistication of cybercrime prevention efforts in developed countries, cybercriminals are increasingly hosting their attacks at locations in developing nations where enforcement efforts are less advanced and criminals are less likely to be prosecuted. Brazil, India, Poland, Vietnam and Russia were among the top cybercrime havens last year.
To mitigate the vulnerability of enterprises to cyberattacks, companies need to step up their efforts to develop and enforce IT policies, as well as properly manage their systems, Symantec said. For example, administrators can limit potential exposure by securing endpoints, messaging and web environments, as well as by implementing policies to combat threats, the report advises.
The distribution of patches and the enforcement of patch levels through automated processes also can prevent known vulnerabilities from being exploited. Nevertheless, the application of security patches continued to be a challenge last year for many users, who failed to patch even very old vulnerabilities, Symantec said.
For example, the second-most-attacked web-based vulnerability in 2009 was a weakness Microsoft disclosed in 2003 and for which a patch has been available since mid-2004, Symantec said. Old vulnerabilities will remain a favorite target of hackers because the latest attack toolkits now come bundled with technologies for exploiting these security holes, the report says.