WASHINGTON, April 6 (UPI) -- Criminal gangs and criminally minded individuals acting on their own are becoming more ambitious and sophisticated as they target increasing numbers of computer users in homes and offices, data collected for a global survey of trends and risks indicated.
Added to that growing threat was the rise of campaigning hackers who attacked major Web sites including banks that withdrew support to WikiLeaks during the controversy over its publication of U.S. diplomatic cables and subsequent arrest of WikiLeaks founder Julian Assange, said the X-Force 2010 Trend and Risk Report, released by International Business Machines Corp.
The IBM X-Force Report reveals three main threats that demonstrate how attackers increasingly targeted people using the Internet for monetary gain or data theft.
The number of malicious Web links has skyrocketed globally in the past year.
Phishing activity, in which an attacker attempts to acquire sensitive information by masquerading as a legitimate organization, also increased dramatically.
Vulnerability disclosures for document readers and editors continued to soar, specifically with Portable Document Format documents.
The severity of cyberthreats in 2010 was indicated by IBM experts identifying "8,000 new vulnerabilities that did not exist in 2009," said the report.
"From a security standpoint, 2010 is most remembered as a year marked by some of the most high-profile, targeted attacks that the industry has ever witnessed," said the report.
IBM analyzed data from 4.7 trillion security events over the course of 2010 -- about 150,000 every second.
Phishing, involving identity theft mainly for financial gain, gave way to "spear phishing" -- e-mail spoofing fraud attempts that target a specific organization, seeking unauthorized access to confidential data.
As with the e-mail messages used in regular phishing attacks, spear phishing messages appear to come from a trusted source, such as an individual within the recipient's own company or someone in a position of authority.
"The numerous, high-profile targeted attacks in 2010 shed light on a crop of highly sophisticated cybercriminals, who may be well-funded and operating with knowledge of security vulnerabilities that no one else has," Tom Cross, threat intelligence manager for IBM's X-Force, said in a news release.
"From Stuxnet to Zeus Botnets to mobile exploits, a widening variety of attack methodologies is popping up each day," he said.
IBM said the evolving activity of the online underworld had alerted the electronic security industry to the phenomenon of cyber criminals becoming more ambitious with their attacks.
"Cybercriminals are graduating from stealing credit cards and banking credentials to targeting corporate plans and proprietary information," said Graham Titterington in a report for Ovum PLC, which provides consulting, research and analysis services for technology, telecommunications and business sectors.
No longer satisfied with online retail scams and identity theft, hackers are going after data supporting key infrastructures such as stock exchanges and industrial facilities, which tend to be more lucrative targets.
As smartphones and tablets find their way into the hands of virtually every business executive across every industry, hackers are shifting focus to mobile platforms as a way of accessing that data.
IBM said that in 2010 it documented increases in the volume of vulnerabilities disclosed in mobile devices as well as the disclosure of exploits that target them.
IBM said nearly 44 percent of all vulnerabilities remain unpatched and continue to be exploited long after their existence has been made public.
"Even if those security holes are promptly closed, the rapidly evolving state of cybercrime means hackers will simply make new holes and gain access through them," the report warned.
