The latest Internet Security Threat Report was released in April 2008 by Symantec Corp. The report concludes that the Web is now the primary conduit of attack activity, as opposed to network attacks, and that online users can increasingly be infected simply by visiting everyday Web sites.
In addition, attackers are leveraging a maturing underground economy to buy, sell and trade stolen information. This economy is now characterized by a number of traits common in traditional economies. For example, market forces of supply and demand have a direct impact on pricing. Credit card information, which has become plentiful in this environment, accounted for 13% of all advertised goods — down from 22% in the previous period and sold for as low as $0.40. The price of a credit card in this underground market is determined by factors such as the location of the issuing bank. Bank account credentials have become the most frequently advertised item making up 22% of all goods and selling for as little as $10.
Other interesting findings in the report include:
– Theft or loss of a computer or other device made up 57% of all data breaches during the last half of 2007 and accounted for 46% of all reported breaches in the previous reporting period.
– Government was the top industry sector for identities exposed, accounting for 60% of the total, an increase from 12% in the previous reporting period.
– A full identity can be purchased in the underground economy for as little as $1.
The report is derived from data collected by millions of Internet sensors, first-hand research and active monitoring of hacker communications and provides a global view of the state of Internet security.
