USA Today notes ominous shift in Web intrusions: They are becoming more stealthy and targeted – and honed to make a quick buck. Profit-minded intruders are increasingly carrying out “zero-day” attacks that exploit new security vulnerabilities on the same day such flaws become generally known, weeks before patches are available, according to The SANS Institute security training center. Security experts say there is no protection against such intrusions because they bypass all of your computer’s security devices.
The pattern breaks from the hacker tradition of swamping the Internet with nuisance viruses mainly for bragging rights. Instead, security experts are seeing “wave after wave of smaller, more intense attacks to get on your machine and steal useful information,” says a Symantec executive. Meanwhile, identity data held by corporations and government agencies is being widely exposed on the Web by unsuspecting insiders, according to a survey of 100 organizations by security firm Reconnex.