Is Organized Crime Controlling Your PC?

Samantha Perry, Computing South Africa

A rise in attacks for financial gain, as opposed to attacks motivated by the creator's desire to gain notoriety, is a disturbing trend noted in Symantec's latest report on Internet security. Symantec is a leading provider of antivirus and PC security software.

The people behind these types of attacks, says Symantec Africa regional manager Patrick Evans, are well-funded, organized crime groups that use networks of bots to obtain financial information for their own gain. "It is not just script kiddies anymore," he says, "although they are still there." Bots, Evans explains, are installed on vulnerable PCs and can be remotely controlled. A further implication of such control is that code can be updated on the fly, rendering antivirus software useless in a matter of seconds.

"Bot networks are the favored mechanism of organized crime syndicates to gather financial data," Evans says. The latest report notes that there has been an enormous increase in the number of IP addresses associated with bot networks--from an average of 2000 per day from June through December last year, to an average of 34,000 per day in June of this year, with a peak of 75,000 per day in March 2004.

Symantec updates its Internet Security Report twice a year. The most recent one, for the period from January through June 2004, was released by the company last week. The reports are based on empirical data obtained from some 400 managed devices customers, 4500 managed and monitored devices, six secure operations centers, 20,000 sensors on devices in 180 countries, and feedback from some 120 million Symantec clients. The data excludes spam, but includes phishing attacks, which are often carried out via spam e-mails.

Attacks on E-Commerce Sites on the Rise

The Symantec report also states that attackers' focus has shifted regarding targeted-industry attacks. An industry is classified as being the victim of a targeted attack if it receives three or more attacks, from an attacker that has not targeted any other industries, during the report period.

Attacks on the e-commerce industry (defined as companies that conduct their business online--for example, Amazon.com) have increased by 400 percent, while attacks on small businesses have risen threefold. "This again confirms the trend towards more attacks for financial gain," notes Evans. "It is also particularly disturbing for the small-business sector, as these companies do not have the money for antivirus software, let alone firewalls or managed security services. They are being targeted because they are unprotected and become participants in bot attacks. Nonprofit organizations are also in the top three targeted industries, while better-protected industries, like financial services and telecommunications, are not targeted anymore," he adds.

Another trend becoming increasingly apparent is the rise in attacks originating from countries where Internet access--and access speed--has dramatically increased. Africa, for example, has seen a rise in the number of attacks originating on the continent, although only by a small percentage. Japan has seen a decrease, while statistics from Russia (where many of the organized crime syndicates are based) are rising steadily. The anticipated increase in Internet availability and access speed in South Africa (and all over Africa) will in all likelihood produce a further increase in these figures in the next reporting period, unless this trend is countered by an increase in user-education levels.