Cyber criminals are quieter, and sneakier
While early hackers wanted to make a big splash by attacking as many computers as possible in a show of genius and savvy for taking down network, now criminals don't want to be detected. Takeovers are done in a slow, methodical fashion.
"If you can go as slow and stealthily as possible and take over systems in a selective manner, you don't get caught. By not getting caught, you can use the systems you've taken over for a variety of purposes."
Geyer said sites in the United States are consistently the top target worldwide. China is usually second and many countries in Western Europe also in the top ten.
In the first few years the report was published, the number of vulnerabilities in operating systems and software increased annually. The good news is that has begun to change in the last 18 months, said Geyer. Vendors have become more proactive about patching. The bad news is hackers have taken on other techniques to exploit a system and are focusing more on site-specific vulnerabilities.
"Site-specific vulnerabilities are lot harder problem to solve," said Geyer. "You can't just send out a patch and protect everyone if the problem is site-specific."
Large organizations were the main target of attacks less than a decade ago; now the end user is the primary target, said Geyer. Phishing web site hosts are dramatically increasing and so are new variants of malware.
"In past 18 months, the increase is just staggering. So much is being introduced, organizations are having tough time. A lot of it is the same piece of malware that is tweaked to be slight variant of other pieces already written. It just shows how easy it is to write it and also that there is true financial gain. This is proving to be a good business model for people in the underground economy."