The latest Internet Security Threat Report (ISTR) released by Symantec concludes that cyber criminals are becoming increasingly professional – even commercial – in the development, distribution and use of malicious code and services.
During the reporting period of January 1, 2007 through June 30, 2007, Symantec detected an increase in cyber criminals leveraging sophisticated toolkits to carry out malicious attacks. The top three most widely used phishing toolkits were responsible for 42% of all phishing attacks detected during the reporting period.
The report mentions that Symantec detected attackers indirectly targeting victims by first exploiting vulnerabilities in trusted environments, such as financial, social networking and career recruitment Web sites. Symantec observed that 61% of all vulnerabilities disclosed were in Web applications.
During the first six months of 2007, Symantec observed an increase in the number of multi-staged attacks, which consist of an initial attack that is not intended to perform malicious activities immediately but is used to deploy subsequent attacks. One example of a multi-staged attack is a staged downloader that allows an attacker to change the downloadable component to any type of threat that suits the attacker’s objectives. Symantec observed that 28 of the top 50 malicious code samples were staged downloaders.