A NEW report on Internet security in the Asia-Pacific, including Japan (APJ), to be released here today, shows that attackers are now refining their methods and consolidating their assets to create and control cross border networks that support coordinated criminal activity.
The APJ Symantec Internet Security Report by Symantec Corporation covers the Internet security environment in the second half of last year and is part of Symantec's global Internet Security Report, a six-monthly update on threat activity.
Speaking to BizIT, Mark Bregman, Symantec's executive VP and chief technology officer, said his company had, for the first time, put out a report dedicated to the APJ region in recognition of the rapid growth of Internet usage in the region.
The report found that about 98 per cent of the targets in APJ were people using computers at home. 'Clearly there is less security sophistication among home users . . . New Internet users need to be educated as attackers are taking advantage of the relatively limited security measures and practices to gain access to confidential information - such as banking information - on home computers and from there commit identity theft,' Mr Bregman said. Globally, 93 per cent of targets are home users.
Threats to confidential data made up to 60 per cent of the volume of the top 50 malicious code reports from the region, Mr Bregman noted.
According to him, China was the country of origin of the highest percentage of attacks in the APJ region, accounting for 39 per cent of total attacks. However, on a global basis, the US was the top source of attacks against APJ-based computers, while China came in at No 2.
In APJ, South Korea with 16 per cent and Taiwan with 14 per cent, were second and third in country of origin of threats in the regional list. China, South Korea and Taiwan are also in the top 10 countries for malicious activity worldwide.
Singapore was placed eighth with just 2 per cent of attacks originating from APJ sourced out of the Republic. 'Singapore, being a financial hub in the region, is more susceptible to phishing attacks (and) Singaporeans being more conversant in English are also potential targets for worms and spam that use social engineering messages written in English,' Mr Bregman said.
Phishing, pronounced 'fishing', is an elaborate scam to steal information such as credit card details and passwords.
Mr Bregman, who is also in charge of Symantec Research Labs and is responsible for the development centres in India and China, said the current threat environment is characterised by an increase in data theft, data leakage, and the creation of malicious code that targets specific organisations for information that can be used for profit motives.
According to him, the attacks tend to be modular and coordinated. Instead of exploiting high-level vulnerabilities and attacking high-profile targets, attackers are now discovering and exploiting medium-level vulnerabilities in Web applications, browsers and other third party applications, establishing a foothold from which to launch subsequent, and more malicious, attacks.
Symantec observed an average of 19,095 active and distinct bot-infected computers per day in the APJ region. On average, APJ accounted for about 30 per cent of active bots worldwide.
Bot, short for robot, is a program that performs a repetitive function such as posting a message to multiple newsgroups or searching for information or news. It also allows a computer to be remotely controlled to perform that function. A host of computers connected thus is called a botnet. A botnet, comprising a large number of compromised computers, can be used to create and send spam or viruses or flood a network with messages as a DoS (denial of service) attack.
A DoS assault floods a website with so many additional requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, a DoS attack interrupts network service for some period.
China had 71 per cent of all the bot-infected computers in the APJ region, while Taiwan accounted for 11 per cent. China also has the highest number of broadband users in the region. The higher bandwidth helps to control computers and use them to send spam.
Bot networks use command-and-control servers to relay commands to bot-infected computers on their networks. 'Since China has relatively few command-and-control servers compared to bots, it is likely that many of the bots located in China are being controlled by attackers in other countries,' Mr Bregman noted.
As a result, the number of attacks originating in China that targeted APJ-based computers may actually be lower than expected because attackers outside China could be using those bots to make attacks against targets in their own country, not against China itself, he added.
While China was the major origin of attacks in the APJ region, it was also the biggest victim. The survey showed that 63 per cent of the DoS attacks in APJ are targeted at China. The report suggests that this could be so because a large number of websites are hosted in that country.
South Korea was targeted by the second highest number of DoS attacks in APJ - 13 per cent, which was up from 10 per cent in the first half of 2006.
There's also a trend of DoS attacks launched at online game servers in an effort to disrupt games or in an extortion attempt. 'Online games will continue be the focus of malicious activity in APJ as two of three new malicious codes reported in APJ were password stealers for online games.'
Mr Bregman added that the general trend in APJ is very much consistent with what is happening in the rest of the world in that malicious attacks today revolves around stealing confidential information for the purpose of financial gain. 'Threat activity has moved into the realm of 'industrial espionage' and 'identity theft',' he added.
This article first appeared in BT on March 22, 2007
