Data security summary report for the first 6 months of 2007

F-Secure today released a summary report of data security threats and trends during the first half of 2007.

They saw a steady flow of data security threats — the underlying trend to note is the spread of malicious activity across various forms of technology and applications during the past 6-months. It would appear that the parties orchestrating these security attacks are gaining a larger and larger foothold in building a sustainable commercial economy based on carefully crafted security attacks targeting consumers, companies and public sector organizations.

Social engineering developed to a new level of sophistication via the Small.DAM Trojan, causing havoc via e-mail in January, 2007. Masking itself under the pretence of shocking headline news, linked to real-life events such as the January storms in Europe, the Storm-Worm spread at an alarming speed across the globe in just one night.

The F-Secure Tracking System was illuminated across the continents as the Trojan took its course http://f-secure.com/2007/images/stormworm.wmv.

The banking industry continued to be a key target for phishing scams. As Trojans become more technically complex, scammers implemented new techniques in their attacks including content filters that keep closer track of consumers’ online banking activity. Such detection methods make it easier and more effective for fraudsters to collect more account details using a variety of methods. However, an industry discussion is gathering pace around a potential solution to banking scams. We believe that top-level domains inaccessible to scammers, such as .bank, could put a stop to some of the most alarming phishing activity.

The link between cybercrime and real-life political unrest was tightened as a form of “Cyber War” emerged, causing political rioting and general unrest in the Estonian capital of Tallinn. Disputes over the re-location of a Russian Red Army monument not only led to arrests over ground, but several governmental and other public sector and media websites were heavily targeted via Distributed Denial of Service (DDoS) attacks by an extremely active network of hackers. Several key sites were rendered unreachable.

Adding to the construction of a stronger malicious economy of sophisticated security breaches, the mobile malware industry became more active during the last 6 months. “Personalised” SMS spam, financial lotteries, and Viver trojans masking themselves as utility programs are some of the examples of the fast-developing mobile scams. New spyware was also reported for some Windows Mobile and Symbian S60 3rd Edition devices.

It is fairly alarming to see increasingly complex mobile trojans and spyware being developed by growing commercial entities, making solid profits to support further development of the malicious economy.

For more information about these and other stories, please consult the “F-Secure 2007 Data Security Summary for H1, 2007.” In addition of being available for download as a PDF file, F-Secure has also prepared a video and audio Podcast version of the summary, featuring Chief Research Officer Mikko Hypponen. Please see http://www.f-secure.com/2007/ for more information.

Don't miss