Rapidly evolving security attack trends

On Monday, Counterpane Internet Security and MessageLabs released their 2005 Attack Trends & Analysis report, which analyzes security attacks across 15 industry sectors and discusses how these attacks affect organizations and outlines the extent of potential damages.

"In just 12 months, cyber-criminals have moved away from deploying large-scale generalized attacks, like Blaster and Slammer, towards carefully engineered attacks calculated for precise outcomes," says Bruce Schneier, founder and CTO of Counterpane. This approach is epitomized by 2005's epidemic of identity theft and financial fraud. Today's attackers are smarter and stealthier. They're much more likely to install spyware; they're more interested in making money. These attackers will continue to exploit enterprise networks for their own purposes, and it is essential that organizations keep their security vigilant to counter these threats."

The two security firms estimate some malware with a modest infection rate could cost a small company $83,000 a year--and may cost a large company $1 million or more. These are direct losses, they add.

Some key findings:

• Close to 40 percent of the financial services and banking industry sector suffered the most Trojan attacks. This sector again outranked its peer industries as the most exposed to probes and enumeration attempts, at nearly 30 percent of total targeted scan attacks worldwide.

• Hackers are engineering Trojan attacks and targeted scans to exploit weaknesses in the security posture of financial institutions. The FBI, the IMF and the FTC all agree the financial sector has become a lucrative target for the financially motivated hacker.

• Pharmaceutical and healthcare is the segment most frequently attacked by spyware, and the utilities, power and energy sector experienced the most significant increase of spyware infestation compared to any other sector.

For a copy of the full report, go to Counterpane.