NEW YORK and LONDON (12/18/07)--2007 has been a year of diversity in new tactics by cybercriminals, with the emergence of new threats targeting social networking, says a new security report. That's important to credit unions because some credit unions are attempting to attract younger members through social networking programs. Also the study has seen an increase in attacks against individuals in the financial sector. According to MessageLabs Intelligence 2007 Security Report, websites such as Facebook, Linked-In and Plaxo present rich pickings for criminals phishing for information to use in identity theft and targeted attacks (ENP Newswire
Dec. 10). This year, several waves of attacks targeted primarily C-level and senior executives. Levels rose from one attack per day in 2006 to more than 1,100 during a 16-hour period in September 2007, said MessageLabs, which provides messaging and web security services to businesses worldwide. The most recent wave occurred in November, when the first sector-specific attack took place with almost 1,000 individual attacks aimed at the financial sector, said the study. Social networking tools are the third-most commonly triggered policy-based filtering rule on the company's services. "The rapid adoption rate of social networking sites such as Facebook has inevitably been exploited by cyber criminals intent on adding the content in these sites to their portfolio of tools," said Mark Sunner, chief security analyst at the company. "As we have seen in the past, mass adoption of new communication or web-based tools is often followed by a rise in the number of threats against it, and the Facebook effect will present new challenges to corporate and personal online security," Sunner added. The rise in targeted attacks is matched by an increase in phishing attacks, which shadowed the number of virus attacks at two separate points in January and June. Phishing attacks accounted for 66% of all malware attacks, compared with an average of 24.8% in 2006, said the report. Among the top trends for 2007 cited in the report:
* Web security: An average of 1,253 new websites a day harbored malware, equal to almost half a million new malicious websites appearing during the year. * Spam: The annual average spam rate in 2007 was 84.6%, a slight decline from 86.2% in 2006. However, the portion of spam that is new and previously unknown increased by 10%. * Viruses: The average virus level for 2007 was one virus for every 117.7 e-mails, or 0.8%--a decline from 0.6% in 2006, when about one in 67.9 e-mails contained viruses. September saw the highest ratio experienced in the previous 18 months, with one in 48 e-mails containing a virus or Trojan. * Phishing: The number of phishing attacks increased to one in 156 e-mails during 2007, compared with one in 274.2 e-mails in 2006. Phishing attacks have widened their targets from drefrauding major international banks and financial organizations to also targeting smaller, national and state banks and credit unions.