Attacks on businesses, particularly financial institutions, show no sign of abating despite concerted efforts to reduce them, according to Computers, Networks and Theft: Part 2, a new report published by Kaspersky Lab. The report found that, against expectations, attacks on such establishments in the first half of 2006 increased by 17 per cent on the last six months of 2005.

Computers, Networks and Theft Part 2 provides an overview of criminal attacks on organisations, companies and institutions. These attacks can be divided into two categories: attacks on the organisation's resources, and attacks which target the organisation's clients.

The findings of the report are bad news for the many financial organisations that in the middle of 2005 began implementing procedures to protect their clients from data theft. Initially, the measures – that included the introduction of two-part authentication, among others - appeared to be having an effect, as attacks dropped in Q3-4 2005 by 13 per cent on the previous six-month period. Despite this, attacks in the first half of 2006 rose by 17 per cent. Since 2003, attacks have increased year-on-year by an average of 39 per cent.

The report also examines the rise in data theft aided by insiders at the victim organisation. Yury Mashevsky, Virus Analyst at Kaspersky Lab says: “Kaspersky Lab analysts are encountering spy programs written with the aid of insider information more and more frequently. For instance, there have been malicious programs created where malicious users have used internal logins and passwords from the organisation under attack, as well as knowledge of the internal database structure of a specific organisation. Withstanding an attack conducted using insider knowledge is extremely difficult, but it is possible.”

Also highlighted is the rise in the number of malicious programs capable of attacking the users of several payment systems simultaneously. For example, Trojan-Spy.Win32.Banker.asq targets almost 50 financial systems and institutions at the same time, including Paypal, Caixabank, Postbank in Germany, and many other institutions around the world.

While financial institutions are an obvious target for cyber-criminals, the report found other less obvious organisations attracting unwanted attention from hackers. For example, Kaspersky Lab analysts detected malicious programs targeting the clients of tour firms and transport companies.

Attacks on organisations themselves, rather than on their clients, are also now commonplace and include scams, blackmail and ransom demands. However, the report finds that the most common type of cyber-crime against organisations is the theft of confidential data. Mashevsky says: “Recently, scammers have shown more and more interest in users’ personal data: email addresses, social security numbers, accounts for online games, and even PIN codes which, it seems, a great number of institutions store in internal databases. It’s not difficult to make a profit from stolen databases: there's certainly a demand for them, which enables malicious users to make a good profit, spurring them on to commit further similar crimes.”