Originally published at Internet.com
An underground economy of sophisticated cyber-criminals wants your proprietary data, and it's counting on lax policies and procedures around employees' mobile connections as one avenue toward securing that information.
That's the main point of security software vendor Symantec's latest Internet Security Threat Report. Of course, the threat in the last couple of years hasn't been the geek-next-door hacker trying to gain notoriety with his exploits as much as it has been criminals looking to make a killing.
But what Symantec now finds is that there's a thriving economy of bad guys with various malware skills working together to fuel this underground economy. The result of these parties working in an organized fashion, says Kelly Martin, Symantec security response group product manager, is a new level of sophisticated attacks.
"They are very silent, quite stealth attacks," she says, hard to discover and difficult to remove. "They're building a business around malicious threats. One individual may have expertise in writing Trojan horses, and he can sell it underground to someone who has expertise with bot networks or phishing attacks."
Combining these has the potential to create larger, coordinated attacks aimed at compromising systems and collecting confidential information that can then be sold on underground economy servers. It's a vicious cycle, and Symantec says it has seen both an increase in the amount of malicious code and confidential information being sold.
'Evil Twin' Access Points
So far, most of these threats remain targeted at the home user, but corporate and government IT and security personnel have to raise their own defenses, especially where client applications are concerned, and especially in a world in which so many mobile employees connect to the network from random wireless access points at airports or other locations.
"Wireless access points can be manipulated by attackers creating fraudulent access points or 'evil twin' points," she says.
From there, attackers can launch various kinds of interoperable attacks or phishing schemes, or watch what an employee is doing, who they are connecting to, and collect that information.
"It's quite dangerous because they can collect proprietary information," she says. "The reality is these access points tend to be less secure. We don't want to dictate what IT administrators should do at this point, but they need to be aware of this situation and build policies -- and absolutely make sure that users are using the VPN."
All the usual precautions apply to combat the threats, such as intrusion prevention technology and application-based firewalls.
"We've said that for a long time, but it becomes more important with these wireless access points," says Martin. But education is a real necessity here: "Not only do we need to have these Internet security solutions, but we need to be more cognizant about what we do, and when we do it."
According to the report, in the last six months of 2006, threats to confidential information made up 66% of the volume of the top 50 malicious code reported to Symantec. In the first half of the year, that figure was just 48%. Threats that allow remote access made up 84% of the volume of confidential data threats in the last six months of 2006, and keystroke logging threats made up 79% of confidential information threats by volume of reports. Threats that could be used to export user data accounted for 62% of confidential data threats. The government sector accounted for the majority (25%) of data breaches that could lead to identity theft, according to the report.
Author: Jennifer Zaino