The Internet has grown to be one of the most important information and business conduits the world has ever seen.  While it’s brought us amazing, new capabilities over the past 15 years or so, the Internet comes with its downside.  Much like the days when America was stretching itself from the east to the west, the “wild west” was a ripe playground for “bad” people. The same goes for the Internet.

It is a double-edged sword. We have amazing capabilities, but also a perfect landscape for lawlessness.  Hackers and cybercriminals have taken note. Today, they leverage the Internet to target specific individuals or groups of individuals at specific companies, get them to react to an email message thereby directing them to an attacker’s site and silently download malware to begin the process of gaining access and stealing data or IP.  What’s more, they’re automating their attacks. Sophisticated attackers are leveraging the power of scripting tools and computing power to call together vast amounts of computers to aide in perpetrating automated attacks.

(Cross-posted from Symantec Connect)

I believe that we have reached a saturation point.  You know how, after heavy rain, the ground can’t absorb any more water and it begins to pool on the ground? We’ve reached that point with security incidents.

The bad guys just can’t pump out new malware any faster. Check out the Norton Cybercrime Index.  The trends for 2011 are pretty much flat. The explosive growth in malware we’ve seen in the previous 10 years is just not sustainable. Maybe new hacker tools will come along, new propagation methods, or more platforms, or more people to infect.  But for now, things are beginning to stagnate.

This is not to say the problem is going away.  There were 286M new malware variants in 2010. 286 million! But even that mind-blowing number reflect a slow down.  It’s more than the year before, but not the 100% increase we’ve reported in previous years.  It’s not like the growth we use to see.

Not too many years ago, drivers often allowed their social security numbers to be printed on their licenses. Today consumers are wise enough to avoid that, yet they trust dozens of businesses with equally sensitive data such as their name, birth date and email address. That data is not only valuable to the organization, but also to cybercriminals looking to profit from careless security practices.

Enterprises are learning the hard way how vital it is to protect their customers’ data, with more and more businesses suffering black eyes in the media from recent data breaches. Hackers are quickly learning to steal and exploit whatever data is not well protected, instead of solely targeting financial information. Because of attack vectors such as phishing, these cybercriminals can utilize something as seemingly harmless as an email address to create a targeted attack designed to coerce people into giving up more valuable information.

(Cross-posted from Symantec Connect)

Shortened URLs have become popular in recent years as a means of conserving space in character-limited text fields, such as those used for micro-blogging. Some URLs consist of a substantial number of characters that can eat up character limits, break the flow of text, or cause distortions in how Web pages are rendered for users. URL shortening services allow people to submit a URL and receive a second, specially coded shortened URL that redirects to the original URL. When a user clicks on the shortened URL, the service will redirect the person to the submitted Web page.

Attackers are taking advantage of this type of service because it helps to hide the actual destination URL. Attackers use the shortened links, which may or may not be legitimate, to lead unwitting users to malicious websites that are designed to attack any system using a vulnerable browser.

(Cross-posted from Symantec Connect)

We are pleased to announce that Volume 16 of the Symantec Internet Security Threat Report (ISTR) is now available. There are some significant changes to the report this year, including several new metrics, a revamping of existing metrics, and a revised format. Aspects of the new format were first seen in the Report on Attack Kits and Malicious Websites, which was released earlier this year.

One point of interest in this most recent report is the continued prevalence of malicious code propagation through the sharing of malicious executables on removable media. This propagation mechanism has been ranked at the top for quite some time now, with no signs of coming down. However, in February 2011, right in midst of writing the report, we read an announcement by Microsoft that AutoPlay functionality (used extensively for this propagation mechanism) was getting an update that would significantly restrict its use. The update limits AutoPlay to CD and DVD media only, and as users adopt the update, we may see a substantial decline in the success rates of malicious code that makes use of it, such as SillyFDC and Sality.AE.