Stats show rise in security attacks motivated by money

3 Aug 2005

Virus-laden emails are on the increase, as are profit-motivated attacks against the government, financial services, manufacturing and healthcare sectors, new figures show. The data also reveals Ireland is the lowest source of attacks out of 20 surveyed countries.

At the same time, security risks that have no financial benefit are decreasing, according to data released by IBM. The company’s Global Business Security Index has found spam and ‘simple’ viruses are giving way to attacks with the purpose of stealing information, identities or defrauding people of money.

The report found more than 237 million overall security attacks in the first half of this year. The government was the most targeted sector with 54,422,919 attacks; manufacturing was in second place with 35,793160 attacks, financial services was third with 34,093590 and healthcare was hit by 17,160471 attacks.

There has also been a resurgence in targeted phishing attacks for money laundering and identity fraud purposes, IBM said. These incidents are thought to be driven largely by criminals that have become more astute in creating and implementing such attacks. In the first half of the year there were more than 35 million phishing attacks to steal critical data and personal information for financial gains.

IBM’s findings indicate the ratio of spam to legitimate email continuously decreased over the course of the first six months of this year; having been 83pc in January they stood at 67pc in June. Meanwhile virus-laden email increased 50pc over the same period. In January, one in every 35 emails contained some form of malware; by June, the number had grown to one in 28. By contrast, in January 2004 this figure was one in every 129 emails.

IBM has concluded that hijacking computers to send spam is no longer the network disruption of choice. Instead, it believes hackers have turned toward more criminal and lucrative areas of directing attacks to specific individuals or organisations, often financially, competitively, politically or socially motivated.

Among the statistics thrown up by the IBM report was that Ireland was the lowest source of attacks by location between January and June. Some 30,122 attacks originated in this country, putting it in last place out of 20 countries surveyed. The US was the source of 12,126757 attacks, which put it in first place by a considerable distance. New Zealand registered barely one tenth of that number of 1,034820 attacks with China in third place (974570 attacks).

The report also analysed attacks by category for the same period. Reconnaissance attacks – probes to discover what devices, software or vulnerabilities may exist – were highest on the list, accounting for more than 108 million recorded incidents.

By Gordon Smith