New security threats affect the Web, warns Symantec

Stealing confidential information on the Internet is becoming increasingly sophisticated and tricky to monitor as it can hit legitimate websites, Symantec’s security intelligence chief told EURACTIV, warning that 1.6 million new malicious threats have been identified in 2008 alone.

The online world is changing rapidly, bringing with it a series of new risks. The most common type of online fraud – phishing, which draws Web users to fake websites mirroring the sites of genuine companies – is becoming rapidly outdated, according to Dean Turner, director of Web security firm Symantec’s global intelligence network.

“Criminals are increasingly targeting trusted websites,” warned Turner, explaining that hackers are now able to corrupt parts or applications of perfectly legitimate websites. Users’ data can be collected simply by clicking the wrong link on a genuine site.

“Threats are invisible, they are in the background. Your computer is redirected to another website, usually located in another country, which drops trojans in your system. They capture information and send it to other computers. Data are usually stored in external servers and then sold in the underground economy,” explains Turner.

A trojan is an application which, like the famous Trojan horse in the Greek epic, is installed on unsuspecting Web users’ computers. Upon infiltrating a system, it is able to send back information about everything that has been typed in, including user names, passwords and security codes. Such sensitive information can easily be used to steal money directly or sell it to other potential fraudsters.

And this is just the tip of the iceberg. “The growth of security threats is astronomical. 1.6 million new malicious threats were registered in 2008, a 165% increase,” Turner explained.

It is obvious that companies like Symantec, or its rival McAfee, have a direct interest in the growth of such threats, as they are currently the only security companies operating on the Net. Turner predictably dismissed all such allegations against his company. “That’s like blaming a doctor for a disease,” he said. What is certain is that Symantec’s turnover is steadily increasing as new Internet dangers emerge.

In any case, a secure means of avoiding annoyances and fraud related to online banking and the use of payment cards on the Web is for users to change their password every time. It is better to use codes which do not need to be typed in, but can be activated by mouse.

Buying online remains a risky activity from secure websites too, Turner warned. “If you have a piece of malware in your computer it could be a problem,” he acknowledged, citing payment cards as the easiest target for fraudsters, in comparison with more secure Internet-based modes of payment like PayPal.

According to the 2008 annual report on the security of the Web published by Internet security firm Symantec in April, the black market for personal data, especially financial information, is thriving (EURACTIV 16/04/09).

Information about credit cards represented 32% of data illegally available online in 2008, compared to 21% in 2007. The volume of bank account details on sale rose from 17% to 19% in the same period, according to the report.

The data is used to carry out financial fraud, which not only hits the victims but the entire e-commerce and electronic payment markets too, both of which are strongly promoted by the European Commission.

Subscribe to our newsletters