Over the past two reporting periods, Symantec has observed a fundamental shift in Internet security activity. The current threat environment is characterized by an increase in data theft and data leakage, and the creation of malicious code that targets specific organizations for information that can be used for financial gain.
Instead of exploiting high-severity vulnerabilities in direct attacks, attackers are now discovering and exploiting medium-severity vulnerabilities in third-party applications, such as Web applications and Web browsers. Those vulnerabilities are often used in “gateway” attacks, in which an initial exploitation takes place not to breach data immediately, but to establish a foothold from which subsequent, more malicious
attacks can be launched.
Symantec has observed high levels of malicious activity across the Internet, with increases in phishing, spam, bot networks, Trojans, and zero-day threats. However, whereas in the past these threats were often used separately, attackers are now refining their methods and consolidating their assets to create global networks that support coordinated criminal activity.
This has resulted in an increasing interoperability between diverse threats and methods. For example, targeted malicious code may take advantage of Web-enabled technologies and third-party applications to install a back door, which then downloads and installs bot software. These bots can, in turn, be used to distribute spam, host phishing sites, or launch attacks in such a way as to create a single coordinated network of malicious activity. Once entrenched, these networks can be used in concert as global networks of malicious activity that support their own continued growth.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment