Last year was a turning point for cyber attacks. It was the year when the predominant threats on the Internet transitioned from being perpetrated by hobbyist hackers to criminals.This is according to a recent report issued by Counterpane Internet Security Inc., a Mountain View, Calif.-based provider of network protection services, and MessageLabs Ltd., a provider of messaging security with regional headquarters in New York City.
"Security threats have rapidly evolved," says Bruce Schneier, founder and chief technology officer of Counterpane. "In just 12 months, cyber-criminals have moved away from deploying large-scale generalized attacks ... toward carefully engineered attacks calculated for precise outcomes." This approach is epitomized by 2005's epidemic of identity theft and financial fraud, he says.
In 2005, the financial services sector received the most Trojan attacks and the most probes/enumeration attacks at close to 40% and 30% worldwide, respectively. What's more, the insurance/real estate sector received the highest rate of direct hacker attacks at 25%, and the second highest rate of spyware attacks at 29.5%.
The Federal Bureau of Investigation in its 2005 Computer Crime Survey estimates the financial loss suffered by an organization due to a Trojan virus or worm to be at least $38,000 per incident, according to the report.
As for the average loss suffered by an organization due to financial fraud, the FBI survey estimates $13,000 per incident, with large institutions more likely to be attacked more often.
Cyber attacks will cause greater damage to companies in the coming years, warns Schneier. "We estimate that some malware with a modest infection rate could cost a small company $83,000 a year," he says. For larger companies, with a deeper infection, the cost could be as high as $1 million or more.
