April 13, 2009 19:01 ET

Your Identity for a Can of Cola

Symantec's 14th Internet Security Threat Report highlights how the booming underground economy is fuelling an identity price war

LONDON, UNITED KINGDOM--(Marketwire - April 14, 2009) -

Editors Note: There are 5 photos and 2 videos associated with this Press Release.

Symantec today released its Annual Internet Security Threat Report (ISTR), which found underground criminals are now buying full personal identities for less than the cost of a can of cola. For the bargain price of 50 pence, criminals can gain access to credit card details, names, addresses and date of births.

Guy Bunker, Chief Scientist, at Symantec said, "This recession proof 'Underground Economy' is reaching such a level of growth and maturity that there are signs of a price war developing, as online criminals find it increasingly easy to steal private details, and barter to sell them for bargain prices. As above ground the world economy spirals, the Underground Economy has never been healthier."

The Symantec ISTR provides an annual overview and analysis of worldwide internet threat activity, a review of known vulnerabilities and highlights of malicious code activity. The report, the largest and most detailed of its kind covers over 200 countries, is derived from data collected by millions of Internet sensors, first-hand research, and active monitoring of hacker communications and provides a global view of the state of Internet security.

Credit card information remains the most valued item, with details selling for as little as 40 pence ranging up to Pounds Sterling 20 for the most desired credit cards. Bank account credentials were fetching as much as Pounds Sterling 675 whilst full identities can be bought for between 50 pence and Pounds Sterling 40.

2008 will go down in history as the year of the malicious threat

The level of malicious activity now taking place online is starkly revealed in this year's ISTR, and further reinforces the point that the Underground Economy is thriving.

- 1.6 million individual malicious threats were discovered in 2008

- This number represents 60 percent of the 2.6 million malicious threats that Symantec has detected in last 27 years, and so marks a significant tide-mark in the battle for online security

Guy Bunker continued, "The Symantec ISTR this year highlights the size of the problem we are now dealing with. The fact 60% of the malicious threats ever recorded by Symantec were undertaken in 2008 highlights the seriousness of this rising threat and the need for us all to be educated about how to best protect ourselves, both at home and at work."

The web friend or foe?

The report also noted that web-based attacks remain the primary vector for malicious activity; this was in part due to the increasing size and sophistication of the Internet, as well as its increased use for a variety of activities. Attackers are also concentrating on compromising end-users for financial gain more than ever before.

- Of all the vulnerabilities identified in 2008, 63 percent affected web applications, up from 59 percent in 2007

- In 2008, 78 percent of threats targeting confidential information exported user data, up from 74 percent in 2007

- Six of the top 10 countries where Web-based attacks were prominent were from the Europe and Middle East Asia (EMEA) region - these countries accounted for 45 percent of the worldwide total, more than any other region

Rise of the bots

Finally, according to the report, 2008 was also a massive year for the bot, whose presence in the online world is rising steadily. Symantec observed an average of 32,188 active bots per day in the EMEA region in 2008, a 47 percent increase from 2007, when 21,864 active bots were detected.

- Spain was the top ranked country in EMEA for bot infections in 2008, with 15 percent of the total

- Lisbon was the top city, accounting for 5 percent of all bot infections in the region

- In 2008, Symantec identified 5,147 distinct new bot command-and-control servers in EMEA, of which 40 percent were through irC channels and 60 percent on http

- Russia was the top country for bot command-and-control servers in EMEA, with 20 percent of the regional total

Guy Bunker summarised, "The illegal world of Internet crime is no longer perpetuated by spotty teenagers, it is attracting intelligent adults, very often, in some of the world's developing countries such as Brazil and India. This booming Underground Economy really is bucking the global recession trend. With over 100,000 malicious codes born every working day, it's not just the technology and code that's getting clever... it's also the approach and the strategy behind each attack."

Additional key findings

- Over the past year, Symantec observed a 192 percent increase in spam detected across the Internet as a whole. The increase went from 119.6 billion messages in 2007 to 349.6 billion in 2008

- The highest percentage of spam detected in EMEA in 2008 originated in Russia, which accounted for 13 percent of the regional total

- In 2008, Symantec detected 55,389 phishing website hosts, an increase of 66 percent over 2007, when Symantec detected 33,428 phishing hosts

- Poland hosted the highest percentage of phishing websites to which EMEA users were directed by phishing lures in 2008, with 18 percent of all known lures

- The most common top-level domain used in phishing lures detected in EMEA in 2008 was .com, which accounted for 25 percent of the total

- Emerging countries are seemingly developing their own booming underground economies as their internet infrastructures and broadband populations grow

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored.

Link to the audio podcast:

Guy Bunker, chief scientist at Symantec, shares the highlights of Symantec's 14th annual Internet Security Threat Report, which incorporates data from more than 240,000 sensors in over 200 countries. The latest report has shown a huge rise in the number of individual threats, 1,656,227 globally in 2008 - 60% of the total number of malicious code threats detect to data and a threefold increase on 2007.

To view the accompanying photos, please visit the following links: list800b.jpg

To view the accompanying videos, please visit the following links:

Contact Information


Keyword Cloud

View Website