In a press release today, Symantec has revealed information on how a new breed of cyber crook is working to try and steal valuable information which is being sold over the Internet. Cyber criminals are using exploits to attack well known websites that many internet surfers trust, in an attempt to steal personal information. Symantec describes the attacks as:

During the reporting period, Symantec detected attackers indirectly targeting victims by first exploiting vulnerabilities in trusted environments, such as popular financial, social networking and career recruitment Web sites. Symantec observed 61 percent of all vulnerabilities disclosed were in Web applications. Once a trusted Web site has been compromised, cyber criminals can use it as a source for distribution of malicious programs in order to then compromise individual computers. This attack method allows cyber criminals to wait for their victims to come to them verses actively seeking out targets. Social networking Web sites are particularly valuable to attackers since they provide access to a large number of people, many of whom trust the site and its security. These Web sites can also expose a lot of confidential user information that can then be used in attempts to conduct identity theft, online fraud or to provide access to other Web sites from which attackers can deploy further attacks.

This stolen information is than sold over the Internet by cyber crooks who concentrate on the following areas:

• Credit cards were the most commonly advertised commodity on underground economy servers, making up 22 percent of all advertisements; bank accounts were in close second with 21 percent.
• Symantec documented 237 vulnerabilities in Web browser plug-ins. This is a significant increase over 74 in the second half of 2006, and 34 in the first half of 2006.
• Malicious code that attempted to steal account information for online games made up 5 percent of the top 50 malicious code samples by potential infection. Online gaming is becoming one of the most popular Internet activities and often features goods that can be purchased for real money, which provides a potential opportunity for attackers to benefit financially.
• Spam made up 61 percent of all monitored e-mail traffic, representing a slight increase over the last six months of 2006 when 59 percent of e-mail was classified as spam.
• Theft or loss of computer or other data-storage medium made up 46 percent of all data breaches that could lead to identity theft. Similarly Symantecs IT Risk Management Reportfound that 58 percent of enterprises expect a major data loss at least once every 5 years.

It’s getting more dangerous out there, so protect yourself and your information from being compromised.

Comments welcome.

Full press release here.

Tags: symantec, cyber crooks, steal, information, internet