And most homes and some small businesses are unaware that their standard security systems are being exploited by organised criminals Internet security attacks against businesses and other organisations continued to escalate last year, with the financial services community taking the hardest hits among all sectors. 'This is a case of attackers simply going after the money,' said David Sykes, senior director for Asia-Pacific enterprise sales at security firm Symantec. He said financial gain was behind the trend in attacks as malicious code developers and hackers teamed up with criminal organisations to retrieve sensitive user information through phishing scams and to control personal computers through bot programs. Data from Symantec's latest Internet Security Threat Report, which tracked security incidents worldwide from July 1 to December 31 last year, showed organisations saw an average of 13.6 attacks a day, up from 10.6 in the previous six months. There were more than 7,360 new Windows-based viruses and worms last year, up 64 per cent over the first six months. 'We found the financial services industry experienced 16 severe events per 10,000 security events, the highest ratio of any industry,' Mr Sykes said. The hi-tech sector was the second most frequently attacked industry worldwide, while health care ranked third, according to the Symantec report. The United States, with 38 per cent share, was the top country of origin for attacks detected by Symantec sensors in the financial sector worldwide. 'The US continues to have more internet users than any country at present, which may explain the high level of attack activity originating there,' Mr Sykes said. China and South Korea - with 7per cent and 5 per cent respectively - were the second and third highest sources of attacks against the global financial sector. Programs that exposed financial information made up 54 per cent of the top 50 malicious code samples Symantec gathered in the second half last year, up from 44 per cent in the first half. Mr Sykes said Symantec believed the use of botnets, which are networks of compromised PCs controlled remotely by hackers through inserted bot programs, would increase despite the recent drop in those tracked in the second half of last year. A report released early this month by London-based corporate security systems provider mi2g described computers used at home and by small firms worldwide as 'the Achilles heel in the digital ecosystem'. It found that most homes and some small businesses were unaware that their standard security systems were being exploited by organised criminals, radical groups and spies through malicious programs such as bots and spyware. 'The standard compendium of anti-virus toolkit, firewall and patch regime is unlikely to prove adequate, especially for those small and medium-sized enterprises and individuals who can ill afford specialist security expertise for their [always on] broadband online and wireless connection,' it said. The Symantec report said the next most common malicious code sample found in the Asia Pacific, after the mass-mailing Netsky worm, was Gaobot, a bot program that allows an attacker to remotely control a compromised computer. Phishing, an activity that botnets are used for, has evolved from simple attempts to obtain small items of data such as gaming passwords to all-out identity theft using fraudulent messages and spoofed websites. Symantec found an average 4.5 million fraud messages a day in the second half of last year, up from a million a day in the first half. Spam activity has also risen dramatically worldwide. Symantec said spam had increased from an average 800 million spam messages a week to more than 1.2 billion spam messages a week by December last year. 'We have seen increased demand for network security solutions over the past year,' said Fredy Cheung, managing director at Cisco Systems Hong Kong. 'Financial institutions are looking to adopt a stronger network security approach to enhance their networks' overall ability to identify, prevent and mitigate security threats.' The mi2g report calculated last year's global economic damage from all types of digital risk - including overt and covert digital attacks, malware incidence, phishing scams, distributed denial of service and spam - was between US$470 billion and US$578 billion. 'At an estimated 1.2 billion computer units worldwide, the damage per machine lies between US$390 and US$480,' it said. It forecast the 'digital damage per machine' figure would exceed the price of a basic computer. With security as the top priority for organisations in Asia Pacific excluding Japan, research firm International Data Corp forecast the region's security solutions market to increase to US$4.9 billion in 2008 from US$1.9 billion in 2003.