The evolving threat landscape

Online electronic attacks over the past five years have evolved from direct attacks on an Internet site to attacks on the users of that site, where the security and controls are weaker. The motivation for attacks has shifted from kudos to financial gain.
In this time eCrime has industrialised, with specialists now selling their skills and knowledge rather than using them directly, giving non-technical attackers access to tools that they previously would not have had. This has allowed ever greater numbers of attackers to enter the ecosystem, with a lower cost of entry.
The Internet is now where the majority of data responsible for financial losses is compromised, via such techniques as:
• phishing
• trojans
• ‘man in the browser’
• botnets
• electronic espionage
• 419 scams
• online database compromises
• denial of service attacks
• brand abuse
Attackers' capabilities are continually evolving, as attackers are locked in an arms race that shows no sign of ending due to the high profitability of the attacks. The majority of their efforts have been against online banking and plastic card fraud, but they are now diversifying, as confidential information has a high intrinsic value. For this reason targeted attacks against companies are increasing, normally using trojans that are custom-written to prevent detection and distributed in spear phishing attacks.