Today’s Internet attacks are more covert - with many victims not immediately recognizing that their computers have been compromised - and the attacks are more often for financial gain rather than fun, says a new report from San Diego-based Websense.
The report summarizes Websense Security Labs’ findings for the first half of 2006. Websense makes Web filtering and security software for medium- to large-sized businesses.
The report’s findings are grim for both business and personal Internet users.
"Cybercriminals are now more creative, organized and business-savvy," the report said.
"True ‘companies’ have emerged, producing and selling toolkits and developing business partner programs that enable less-technical, ‘traditional’ criminals to use the Web to steal data and make money - lots of it."
"Toolkits" for online criminals are an emerging trend. The kits, assembled from malicious code by professional writers, sell on the Internet for anywhere from $30 to $3,000 and even feature user manuals.
The kits allow novice cybercriminals to launch sophisticated attacks with minimal expertise and effort, said Dan Hubbard, vice president of security research for Websense.
One toolkit, available for $200 to $300 on a Web site hosted in Russia, allows criminals to infect a victim’s computer with a piece of malicious computer code that can log keystrokes and open a backdoor to the victim’s computer. Websense said it has discovered 7,500 Web sites that have used the toolkit.
The company said there were 212 known malicious codes used to steal passwords in June, up from 184 in January. The number of Web sites hosting password-stealing codes was 2,945 in June, up from 1,100 in January, Websense reported.
Traditional hacking for fun has been replaced with activities designed to steal confidential data to reap financial rewards, according to the report.
In the first six months of this year, the number of Web sites designed to steal financial data and personal information has doubled. During that period, there was a 60 percent decrease in sites that hosted benign attacks, such as adding a bookmark or changing a home page without the user’s permission.
Websense said an increasing number of Web servers are being exploited by hackers to host malicious computer code - unbeknown to the Web site owner or site visitors.
"You could be searching for your favorite recipe and go to a Web site that has that information, but the site may have been compromised and you wouldn’t even know it," Hubbard said. "Even the Web site owners usually don’t know."
In several cases discovered by Websense, victims had dozens of pieces of malicious code on their computers.
Phishing increased almost 60 percent in the first six months of this year, from 17,877 phishing reports in January to 28,571 reported in June, according to the report. Websense said it saw three to six new attacks every day against companies that had never been targeted.
Phishing is a type of online fraud in which a victim receives a legitimate-looking e-mail or visits a legitimate-looking Web site that appears to be that of a well-known company, such as a credit-card issuer or bank.
The victim is tricked into giving personal information that can be used for identity theft or credit-card theft.
"When phishing first started, there were a limited number of brands that were being targeted - the top five banks in the United States, for example," Hubbard said. "Now they’re going after little tiny credit unions in Omaha and Hawaii and San Diego."
Toolkits are also being sold to enable phishing, the report said. One kit was used to host phishing attacks against Citibank, eBay and other well-known companies on one Web site.
A new trend in phishing involves using malicious computer code that injects itself into the victim’s Web browser and then steals information the victim enters into a legitimate electronic form. This type of phishing was made possible by a kit for sale for $3,000 on a Web site hosted in Russia, the report said.
Websense’s security products prevent company employees from accessing sites that are known to host online attacks. Hubbard said that home computer users should keep their software up to date so that it includes the latest security patches.
He also cautioned against clicking on links in e-mails that appear to come from legitimate companies but which may be phishing attacks.
For information on the latest Internet attacks, visit Websense Security Labs’ alerts at www.websense.com/securitylabs/alerts.