Malicious Cyber Acts

“As the world has flattened, we’ve seen a significant amount of emerging threats from increasingly sophisticated groups attacking organizations around the world,” CEO of anti-virus vendor McAfee David DeWalt said. DeWalt also stated that cybercrime is now a $105 billion business and is more lucrative than the illegal drug trade. DeWalt’s latter comment was heavily scrutinized Kevin Poulsen of Wired. “The $105 billion figure has been bouncing around the media like a bad check for two years, being quietly debunked by security experts and the tech press,” he wrote in his blog. Speaking in his defense DeWalt responded, “Let’s not lose sight of the main point. Cybercrime is becoming increasingly organized, targeting everyone from individuals to business to governments.” Recent reports leave little room for argument with DeWalt’s rebuttal. According to reports from companies such as IBM, Symantec, and Computer Associates, cybercrime is going strong.While IBM notes that for the first time in the history of its data collection there has been a decrease in the number of disclosed vulnerabilities, it reports that the severity of the vulnerabilities has increased. IBM states that the percentage of high impact vulnerabilities has risen from 16 percent in 2006 to 21 percent in the first half of this year. A report from the Computing Technology Industry Association (CompTIA) indicates the same: “Among organizations that reported a security breach in the past 12 months, the average severity level of the breach stood at 4.8 on a 0-10 scale, where 0 is not at all severe and 10 is very severe. The corresponding severity level rating for the past two years was at 2.3 and 2.6.” Reports also concur that the United States is a focal point for malicious cyber activity.

According to IBM’s data, the U.S. is the spam capital of the world. Thirteen and a half percent of the world’s spam originates from within the U.S., more than one third of spam-related Web sites are hosted in the U.S. and, “the U.S. continues to lead the world as the final Web destination for products promoted through spam e-mail messages.” Furthermore, IBM notes that, “Almost half of all fraudulent phishing Web sites are hosted within the U.S.” Symantec also found that the U.S. topped the list of the country from which most malicious activity was spawned. For the first half of this year the U.S. made up 30 percent of worldwide malicious activity according to Symantec’s reporting. (The U.S. held the same position for the second half of 2006 as well.) Not only was the U.S. the number one source, but “For each of the malicious activities taken into account for this measurement, the United States ranked number one by a large margin with the exception of bot-infected computers. It ranked second for that criteria behind only China.” If it could be any consolation, Symantec also observes that the U.S. is the victim of the majority of attacks.

The Symantec report suggests that the reason for America’s dominance is that 18 percent (more than any other country) of Internet users reside in the U.S. and its established Internet infrastructure is well known enough to be exploited with relative ease. “As a result, not only are there a lot of attackers there, but they have had a long time to understand the technologies and to hone their skills. Attackers in countries that have less well established traditions of Internet usage or that are still experiencing rapid growth in their Internet infrastructure may not have the same level of user sophistication.” While this may seem, with hindsight, to be obvious, it actually represents a shift in Symantec’s opinion. Earlier the company suggested that as Internet infrastructure becomes established and Internet users become more sophisticated and knowledgeable of computer security issues, overall network and end user security should improve. “However, the prominence of the United States in this discussion, and the attendant level of malicious activity originating there, indicates that this is not always the case.” In fact, Symantec now concludes that, “the United States will likely remain number one for malicious activity for some time because of this.”

Aside from agreeing that the U.S is a key factor in the continuing threat of malicious cyber activity the reports each have their own tale to tell. But among all the points to be made there are some worth pulling out for general consumption and which help to color the overall picture.

A McAfee publication from April entitled, The Future of Cybercrime states, “The largest enabler of cybercrime today is the ‘botnet,’ a network of robot-infected PCs centrally controlled by an attacker, or bot herder.” Symantec notes that the number of bot infected computers has dropped 17 percent from last year, down to an average of 52,771 active bot-infected computers per day. Symantec suggests that the decrease in bot-infected computers is due to several factors including the introduction of default firewalls in popular operating systems, increasing awareness of computer security issues among organizations and computer users, and law enforcement initiatives targeting bot-networks. Though the drop in bot-infected computers is a positive sign in that it shows such methods can be deterred, it is not a sign of victory. The report notes, “the exploitation of network-based vulnerabilities to spread bots is being slowly abandoned for methods that are more likely to succeed.” One of the methods deemed likely to succeed is the use of Trojans.

According to Symantec, “During the first half of 2007, Trojans made up 54 percent of the volume of the top 50 malicious code reports, an increase over the 45 percent reported in the final six months of 2006.” Symantec also reported that, “Trojan activity increased from 60 percent of potential infections in the last half of 2006 to 73 percent in the current period.” CA notes the increase in Trojan activity as well. Their reports states that, “Trojans now dominate the landscape.” They reported that in the first half of 2007 65 percent of malware submitted by customers were Trojans. IBM says that Trojans are the “largest threat category of malware so far in 2007.” They account for 28 percent of all malware and, “2007 figures reveal that the amount of Trojans is nearly double the next closest category.”

What all the collected data seems to reveal is that cybercrime is not going away. Whether the $105 billion estimate posited by DeWalt is accurate or not, cyberspace is fertile ground.

A more complete version of this post, including links to market research, can be found at the website of Analyst Views Weekly.

More information on this topic can be found in Northern Light’s Software, Computers, & Services Market Intelligence Center.

And in the following articles:

Fake Factoid Virus: ‘Cybercrime More Lucrative Than Drug Trade’
Wired, September 22, 2007
If you’ve been reading Slashdot, you’re probably stunned to learn that cybercrime has just now ballooned into a $105 billion industry, making it more lucrative than the global trade in illegal drugs. This from David DeWalt, CEO of anti-virus vendor McAfee, who dropped the billion-dollar bombshell at a conference in Tucson.

Cyberthreats Outpace Security Measures, Says McAfee CEO
InformationWeek, September 18, 2007
Despite the increase in government compliance requirements and the proliferation of security tools, companies continue to underestimate the threat from phishing, data loss, and other cyber vulnerabilities, new McAfee CEO David DeWalt said Tuesday.

Report: Four Percent of E-Crime from Fortune 100
Washington Post, September 17, 2007
Roughly four percent of all spam, malicious software attacks, phishing Web sites and other cyber crime activities detected in the first half of 2007 emanated from the networks controlled by the world’s 100 highest-grossing companies, according to a new report from anti-virus company Symantec.

U.S. Government Prepares for Cyber War Games
ars technica, July 5, 2007
In May, the nation of Estonia suffered a massive distributed denial-of-service (DDoS) attack on that country’s major web sites, an attack that Estonian officials believed was ordered by the Russian government in response to the removal of a statue of a Soviet soldier. Russian officials denied involvement, and third-party investigation could not determine the source of the attacks, but signs were pointing towards Russian involvement on some level.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: