Malicious activity in emerging regions a threat to all business, says Symantec

Although this trend has been noted before, it became more pronounced in 2009, according to Symantec's latest Global Internet Security Threat Report.

This is having a significant impact on organisations outside those regions, said Kevin Hogan, senior manager security response for the EMEA region at Symantec.

Many organisations have offshore IT operations in countries such as India either directly or indirectly through outsourcing suppliers, he told Infosecurity's sister publication, Computer Weekly.

In malicious activity rankings, India moved up from 11th position in 2008 to fifth in 2009, while Brazil moved up from fifth position to third, according to the Symantec report.

"Security threats that have come and gone in other parts of the world often linger in emerging countries where they can be passed on to US and European companies through offshore operations," he said.

Organisations need to recognise their dependency on the security of their own offshore operations and those of their outsourcing suppliers, said Hogan.

"Some organisations that were affected by the December cyber attacks first reported by Google the following month were not directly targeted", he said.

An outsourcing organisation passed on the Hydraq Trojan infection of one of its targeted clients to other clients, providing evidence that this type of security risk is real, said Hogan.

Security risk assessments should, therefore, include an inspection of all offshore and outsourcing operations, he said.

Most of the other trends highlighted by the report remain largely the same as they have for the past two to three years, said Hogan.

Targeted cyber attacks, for example, continue to be a problem, but awareness of this kind of attack has been heightened since Google announced publicly that it had been hit along with at least 20 other big US companies.

Although awareness of this type of attack is good, Hogan said it was important not to place too much emphasis on targeted attacks to the detriment of other types of threat.

The report also highlighted continuing trends of attack tookits making cybercrime easier than ever and the unabated growth of web-based attacks.

A toolkit called Zeus (Zbot) can be purchased for as little as $700 online to automate the process of creating customised malware for stealing personal information the report said.

Researchers also found that 2009 saw a dramatic growth in the number of Web-based attacks targeted at PDF viewers, which accounted for 49% of Web-based attacks, compared with 11% in 2008.

This article was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?