Symantec’s latest Internet Security Threat Report, as reported by Mercury News, warns that identity and data theft has moved away from the fly-by-night model, and has increasingly become professionalized.
Online, for as little as $14, you can pick up a new identity, complete with working U.S. bank account, credit card with security code, date of birth and government-issued social security number.
The low cost of stolen identities in the underground economy is just one of many chilling statistics in the company’s semiannual Internet Security Threat Report, released today. The report tracked online threats, such as viruses and phishing scams, from July through December of last year, on the tens of millions of computer systems used by the company and its customers.
Among some notable findings published in the report was that spamming activities and coding of malicious software are mostly done during office hours, particularly during weekdays in the country of origin, from 9 a.m. to 5 p.m.–indicating that these efforts are no longer simply done by hobbyists, but are most likely to be done by organized groups employing programmers and spammers.
“The hobby-horse hacker is a thing of the past. These guys work business hours,” [Symantec's Alfred] Huger said. “It’s pretty organized, which is the scary part. Now we’re seeing a well-oiled machine for stealing data.”
For the duration of data gathering (second half of 2006), the United States had the highest proportion of malicious activity originating from its networks (at 30%), while also having majority (51%) of all known “underground economy” servers. China, meanwhile, had the world’s largest proportion of bot-infected computers, at 26%.
The report also notes the increase in financial fraud-related spam, such as stock pump-and-dump schemes. Phishing attacks also tend to increase around holidays and special events, as social engineering attacks tend to be easier to perpetrate during these seasons.