[kictanet] New security threats affect the Web, warns Symantec

alice alice at apc.org
Thu May 28 17:07:37 EAT 2009 

28 May 2009 <http://www.euractiv.com/en/Archive?sevenDays>
News
http://www.euractiv.com/en/financial-services/new-security-threats-affect-web-warns-symantec/article-182587


  New security threats affect the Web, warns Symantec[fr
  <http://www.euractiv.com/fr/services-financiers/internet-face-nouvelles-menaces-scuritaires-avertit-symantec/article-182592>][de
  <http://www.euractiv.com/de/finanzdienstleistungen/symantec-warnt-neue-sicherheit-bedroht-netz/article-182593>] 


Published: Monday 25 May 2009   

Stealing confidential information on the Internet is becoming 
increasingly sophisticated and tricky to monitor as it 
can hit legitimate websites, Symantec's security intelligence chief told 
EurActiv, warning that 1.6 million new malicious threats have been 
identified in 2008 alone.


      Background:

According to the 2008 annual reportPdf external 
<http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf> 
on the security of the Web published by Internet security firm Symantec 
in April, the black market for personal data, especially financial 
information, is thriving (EurActiv 16/04/09 
<http://www.euractiv.com/en/financial-services/report-online-black-market-personal-data-thriving/article-181321>).

Information about credit cards represented 32% of data illegally 
available online in 2008, compared to 21% in 2007. The volume of bank 
account details on sale rose from 17% to 19% in the same period, 
according to the report.

The data is used to carry out financial fraud, which not only hits the 
victims but the entire e-commerce and electronic payment markets too, 
both of which are strongly promoted by the European Commission.


      More on this topic:

ListNews:   Report: Online black market for personal data thriving 
<http://www.euractiv.com/en/financial-services/report-online-black-market-personal-data-thriving/article-181321> 



      Other related news:

    * MasterCard agrees to lower cross-border fees
      <http://www.euractiv.com/en/financial-services/mastercard-agrees-lower-cross-border-fees/article-180894>

    * Pittella: EU search engine to counter low financial mobility
      <http://www.euractiv.com/en/financial-services/pittella-eu-search-engine-counter-low-financial-mobility/article-173042>

    * Parliament pushes for Ryanair model for banks
      <http://www.euractiv.com/en/financial-services/parliament-pushes-ryanair-model-banks/article-173046>

    * EU: Flights and restaurants risky for payment cards
      <http://www.euractiv.com/en/financial-services/eu-flights-restaurants-risky-payment-cards/article-172019>

    * Commission investigates Visa's cross-border card fees
      <http://www.euractiv.com/en/financial-services/commission-investigates-visa-cross-border-card-fees/article-171160>


The online world is changing rapidly, bringing with it a series of new 
risks. The most common type of online fraud - phishing, which draws Web 
users to fake websites mirroring the sites of genuine companies 
- is becoming rapidly outdated, according to Dean Turnerexternal 
<http://www.symantec.com/about/news/resources/press_kits/bio.jsp?bioid=dean_turner>, 
director of Web security firm Symantec's global intelligence network.

"Criminals are increasingly targeting trusted websites," warned 
Turner, explaining that hackers are now able to corrupt parts or 
applications of perfectly legitimate websites. Users' data can be 
collected simply by clicking the wrong link on a genuine site.

"Threats are invisible, they are in the background. Your computer is 
redirected to another website, usually located in another country, which 
drops trojans in your system. They capture information and send it to 
other computers. Data are usually stored in external servers and then 
sold in the underground economy," explains Turner.

A trojan is an application which, like the famous Trojan horse in the 
Greek epic, is installed on unsuspecting Web users' 
computers. Upon infiltrating a system, it is able to send back 
information about everything that has been typed in, including user 
names, passwords and security codes. Such sensitive information can 
easily be used to steal money directly or sell it to other potential 
fraudsters.

And this is just the tip of the iceberg. "The growth of security threats 
is astronomical. 1.6 million new malicious threats were registered in 
2008, a 165% increase," Turner explained.

It is obvious that companies like Symantec, or its rival McAfee, have a 
direct interest in the growth of such threats, as they are currently 
the only security companies operating on the Net. Turner predictably 
dismissed all such allegations against his company. "That's like 
blaming a doctor for a disease," he said. What is certain is that 
Symantec's turnover is steadily increasing as new Internet dangers emerge.

In any case, a secure means of avoiding annoyances and fraud related to 
online banking and the use of payment cards on the Web is for users to 
change their password every time. It is better to use codes which do not 
need to be typed in, but can be activated by mouse.

Buying online remains a risky activity from secure websites too, Turner 
warned. "If you have a piece of malware in your computer it could be a 
problem," he acknowledged, citing payment cards as the easiest target 
for fraudsters, in comparison with more secure Internet-based modes of 
payment like PayPal.

More information about the KICTANet mailing list