Enterprises were a growing target for cyber-criminals last year, in part because attackers stand to gain considerable sums from corporate intellectual property, according to a report put out by Symantec Corp. Cyber-crooks have been taking advantage of the huge volumes of personal information publicly available on social networking sites to target "key" individuals at corporations, Symantec found. 

Symantec's "Internet Security Threat Report, volume XV," released April 20, outlines major trends in Internet crime during 2009. The research showed that web-based attacks continue to rise as attackers use social engineering techniques to trick a user into accessing malicious websites, which then attack the user's browser or other applications. PDF viewers were especially vulnerable to this type of attack last year.   

The report also found that cybercrime is gaining a foothold in countries with developing broadband infrastructure, including Brazil, India, Poland, Vietnam and Russia. Symantec suggests that enforcement efforts in developed countries may have pushed cyber-criminals to developing countries.

For a few tips on reducing the threat of social engineering attacks, take a look at a post by Chad Perrin on TechRepublic. There are many ways social engineering can be used to compromise a system, Perrin writes. In some cases, an attacker may obtain security information by randomly calling different departments in an organization and claiming to be tech support returning a call, eventually finding someone seeking help and willing to provide information. The best bet is to educate and motivate everyone with security credentials to understand the broad nature of social engineering attacks, he advises. 

 For more:
- see the Symantec press release
- read the Symantec Internet Security Threat Report
- check out Chad Perrin's post at TechRepublic

Related Articles:
Proof of concept attack highlights new weakness in PDF specification
Senators roll out new cybersecurity bill
Malware spike observed in 2008