Symantec warns that the public sector faces growing security threats

Security specialist Symantec has released the latest edition of its Threat Report for the last six months of 2006, highlighting an increased threat to the government sector.

The study showed that a quarter of data breaches involved information held by government or its agencies, with education second with 20 per cent, followed by the health sector with 14 per cent.

Most data breaches - 54 per cent - were the result of theft or loss of either a computer or other hardware, such as a USB stick.

"Activity has moved away from compromising machines for compromising's sake," said Symantec's security architect for Advanced Threat Research, Ollie Whitehouse.

Instead the activity has moved into the realm of 'industrial espionage' and 'identity theft'.

Whitehouse said that if there was one thing that could be done to make an impact on security issues, it would be to make sure data is encrypted.

"One should think about the security of data while in transit," he said. "Encrypting that data would remove 50 per cent of breaches from those sources."

Governments were also the prime target of Denial of Service (DoS) attacks, accounting for 30 per cent of all detected attacks.

Whitehouse said: "Government is a relatively soft target compared to finance... Government agencies that do collect databases of information store it in lots of different places. Because they hold so much information, lots of separate groups need access to it, so there are several routes in."

Other trends include a 'shift in botnet construction' to fewer but larger networks. This comes in conjunction with a 25 per cent drop in the number of command and control servers used to marshal their activities.

The viral landscape continues its trend towards more numerous, short-lived Trojans. Their numbers in the top 50 malicious code report grew from 23 per cent to 45 per cent.

"There are more Trojans," agreed Whitehouse. "But what's of real concern is that they're still working. That [user education] message isn't getting through."

And the increasing use of 'confidence trick type approaches' continues to dupe users into running e-mail attachments.

But behind all of the trends observed by Symantec is the growing awareness of the opportunities for financial gain in cyber criminality.

"We've seen a number of trends over the past six months, but what is startling is the level of co-ordination," said Whitehouse.

"That side of the industry has grown up as it has become evident that this is a low-risk criminal activity to perform."

Symantec has been monitoring the various underground economy servers to which people pay for access, where lists of PIN numbers, credit card information and other sensitive details are all for sale.

Most of these are located in the US, but Sweden ranks second and Canada third. Prices are cheap, too. US credit card details including security verification value are as little as 52 pence each. UK credit cards cost a little more with prices from £1.03. Entire US identities will set you back at least £7.22. After an infected computer? £3.09. Details of an online bank account with nearly $10,000? £154.64.

Symantec is faced with the obligation to have such servers shut down. However, Whitehouse said that this would result in the server simply being moved elsewhere. Far more effective is to monitor the servers and inform the authorities of the compromised data it finds.

Spam too remains on its upward path, with volumes up 50 per cent, and pump and dump scams making up 20 per cent - again with the motivation of making money via a scam rather than the small odds that the recipient will actually buy advertised goods.

The upside of this is that there is a paper trail to follow. "Yes, they still have to use brokering accounts to get the money in and out," said Whitehouse. "Which makes them relatively easy to identify."

Symantec noted an average of 904 unique phishing mails a day over the period. In Europe, Germany hosted the most phishing sites with 32 per cent. The UK was second with 9 per cent. But strangely Russia was right down in fifth place.

Whitehouse identified a new target, which he referred to as 'secondary economies'. By this he means the online worlds of MMORPGs such as Blizzard's World of Warcraft and Linden Lab's Second Life, where virtual objects have a real world value.

Attacks are used to "asset strip user accounts," said Whitehouse. "They are recognised as valuable assets to the right audience."

Doing so allows attackers to 'target a new demographic' in younger people who might not have bank accounts, but might have a valuable collection of game items.

For the future, Symantec highlighted Vista and third-party applications, virtualisation, and spam and phishing attacks targeting mobile devices as areas of concern.

"The techniques employed are evolving at a very fast pace," warned Whitehouse.