|
The latest Internet Security Threat Report (ISTR), Volume XIII (ISTR XIII), released today by Symantec reveals that Malaysia is the country with the second highest number of malicious activities in Southeast Asia behind Thailand. The report covers the six-month period from July 1 through December 31, 2007.
Kuala Lumpur is top on the list of Asia Pacific/ Japan (APJ) cities with the highest number of bot-infected computers. This is a stark contrast to the previous ISTR (January 1 – June 30, 2007), where it came in seventh on the list.In addition, Malaysia has also been identified as the country in SEA with the highest bot-infected computers. Short for “robots”, bots are covertly installed on a computer to allow hackers to remotely control the machine for a wide variety of malicious purposes such as data leakage and information and identity theft.
Kannan Velayutham, Consultant for Enterprise Security, Malaysia, Symantec cited the rapid growth of broadband penetration in Malaysia as a possible contributing factor to the rise in malicious activities because new broadband users may not be aware of the additional security precautions required when accessing an always-on high-speed Internet. This is an area to watch-out for as broadband penetration is expected to continue in its upward trend in Malaysia.
Read on for more info.
According to Kannan, “Malaysia has become a prime target for cybercriminals to launch malicious attacks in SEA. While there has been an overall decrease in bot-related activities across the APJ region from the previous ISTR, January to June 2007, Malaysia registered the highest rate of bot-infected computers in SEA. Bot-infected computers are a real concern for online users because their personal information can be easily leaked out, and compromised computers can be used as a launch base for other attacks.”
On the
global front, the Web has been identified as the primary conduit of attack
activity, as opposed to network attacks, and that online users can increasingly
be infected simply by visiting everyday Web sites. The report is derived from
data collected by millions of Internet sensors, first-hand research and active
monitoring of hacker communications and provides a global view of the state of
Internet security.
In the past,
users had to visit intentionally malicious sites or click on malicious email
attachments to become a victim of a security threat. Today, hackers are
compromising legitimate Web sites and using them as a distribution medium to
attack home and enterprise computers. Symantec noticed that attackers are
particularly targeting sites that are likely to be trusted by end users, such
as social networking sites.
"Avoiding
the dark alleys of the Internet was sufficient advice in years past," said Ong
Kah Wooi, Technical Consultant Manager, Pre-sales, Malaysia, Symantec. "Today's
criminal is focused on compromising legitimate Web sites to launch attacks on
end-users, which underscores the importance of maintaining a strong security
posture no matter where you go and what you do on the Internet."
Attackers
are leveraging site-specific vulnerabilities
that can then be used as a means for launching other attacks. During the
last six months of 2007, there were 11,253 site specific cross-site scripting
vulnerabilities reported on the Internet; these represent vulnerabilities
in individual Web sites. However, only 473 (about 4 percent) of them had been
patched by the administrator of the affected Web site during the same period,
representing an enormous window of opportunity for hackers looking to launch attacks.
Phishing
also continues to be a problem. In the last six months of 2007, Symantec
observed 87,963 phishing hosts - computers that can host one or more phishing
Web sites. This is an increase of 167 percent from the first half of
2007. Eighty percent of brands targeted by phishing attacks during the
study period were in the financial sector. Malaysia registered the second
highest number of phishing sites among SEA countries, with social networking
sites as the main target.
The report
also found that attackers are seeking confidential end-user information that
can be fraudulently used for financial gain and are less focused on the
computer or device containing the information. In the last six months of
2007, 68 percent of the most prevalent malicious threats reported to Symantec
attempt to compromise confidential information.
Finally,
attackers are leveraging a maturing underground economy to buy, sell and trade
stolen information. This economy is now characterized by a number of traits
common in traditional economies. For example, market forces of supply and
demand have a direct impact on pricing. Credit card information, which
has become plentiful in this environment, accounted for 13 percent of all
advertised goods-down from 22 percent in the previous period and sold for as
low as $0.40.
The price of
a credit card in this underground market is determined by factors such as the
location of the issuing bank. Credit cards from the European Union, for
example, cost more than those from the United States; this is most likely due
to the smaller supply of cards circulating in the E.U which makes the card more
valuable to a criminal. Bank account credentials have become the most
frequently advertised item making up 22 percent of all goods and selling for as
little as $10.
Comments
Comment on this article
|
typical malaysia boleh attitude at work as usual trying to break records...lol 
