Cyber-criminals turn to extortion and fraud

Governments, financial services firms and manufacturing companies are now the top targets for security attacks, according to research published today by IBM.

The first half of this year has seen a whopping 50 per cent increase in what Big Blue calls "customised" attacks.

IBM's monthly Global Security Index reported that "for profit" attacks have been predominantly directed at government agencies, financial services companies, healthcare organisations and large multinationals particularly in the aerospace, petroleum and manufacturing industries.

The report said that there were more than 237 million security attacks in the first half of the year. Governments were the most targeted sector, with more than 54 million attacks, while manufacturing ranked second with 36 million, financial services third with 34 million, and healthcare fourth with more than 17 million.

IBM reported a resurgence of targeted phishing attacks for money laundering and identity fraud purposes, believed to be largely driven by criminal gangs that have become more astute in the creation and delivery of such attacks.

There were more than 35 million phishing attacks launched to steal critical data and personal information for financial gain.

Next-generation phishing threats such as "spear phishing", which involve highly targeted and co-ordinated attacks at a specific organisation or individual to extract critical data, increased more than tenfold since January.

Unlike in previous years, when viruses were mainly created and launched to slow down and cripple IT systems, these types of attacks have shown their potential to defraud businesses, steal identities and intellectual property and extort money, while damaging the brand and eroding customer trust.

The ratio of spam to legitimate email has decreased over the past six months, from 83 per cent in January to 67 per cent in June 2005, while virus-laden email increased 50 per cent over the same period, according to the report.

John Lutz, general manager for the financial services sector at IBM, said: " To protect critical data, infrastructure, brands and money we advise businesses to rethink how they protect their operations, processes and governance structures.

"Companies can employ the latest protective technology, while ensuring that their own customers get the highest level of protection available."