Because of this, fraudsters have a higher chance of fooling users with “phishing” attacks – emails that purport to be from a genuine bank and are intended to trick people out of their login details and passwords.
Rouland said UK email addresses were easily identifiable, making it easier for cyber criminals to imitate a national bank. The US-based Anti-Phishing Working Group has estimated that 5% of individuals sent such emails fall victim to the scam.
The new trend also highlights the growing commercialisation of Internet crime. “In 2004, hacking has achieved profitability,” said Rouland. He drew a contrast with previous years, when hacking tended to focus on vandalism and peer respect rather than the more lucrative practice of teaming up with spammers and virus writers.
Often backed by organised crime, the computer underground is now reinvesting its profits in engineering, making so-called “zero-day” exploits – viruses that take advantage of a previously unknown vulnerability – increasingly common. “The Russian mafia is the sales and marketing arm for computer hackers,” Rouland added.
Cyber criminals are becoming well educated in the principles of good computer science, such as reusing code. Some recent worms even show signs that they have been beta tested in a lab before their release into the wild.
In spite of this growing threat, Tom Noonan, co-founder and CEO of ISS, said that the current rate of growth in security spending is “unsustainable”. He highlighted the growing need for security management and suggested enterprises were moving to all-encompassing security suites.