Symantec Internet Security Threat Report Identifies More Attacks Now Targeting E-Commerce, Web Applications.CUPERTINO, Calif. -- Short Vulnerability-to-Exploit Window, Rise in Bot Networks, Increase in Severe/Easy-to-Exploit Vulnerabilities Symantec Corp. (Nasdaq:SYMC SYMC Symantec Corporation (stock symbol) ), the global leader in information security, today released its newest Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. Threat Report. The sixth bi-annual report provides analysis and discussion of trends in Internet attacks, vulnerabilities, and malicious code activity for the period of Jan. 1, 2004 to June 30, 2004. "As this latest Internet Security Threat Report demonstrates, exploits are being created more easily and faster than ever, while attackers are launching more sophisticated attacks for financial gain," said Arthur Wong, vice president, Symantec Security Response and Managed Security Services Security services are state institutions for the provision of intelligence, primarily of a strategic nature, but also including protective security intelligence. Examples include the Security Service (MI5) and the Secret Intelligence Service (MI6) in the United Kingdom, and the . "Software vulnerabilities and targeted attacks remain a primary area of concern for organizations and individuals. By publishing a comprehensive and accurate update on Internet threat activity, Symantec is providing the information security community the information needed to effectively secure systems now and in the future." Key Findings Increased Threats to e-Commerce: During this reporting period, e-Commerce was the single most targeted industry, with nearly 16 percent of attacks against it. This represents a 400-percentage increase from the four percent reported during the previous six months. This rise may indicate a shift from attacks motivated by notoriety NOTORIETY, evidence. That which is generally known. 2. This notoriety is of fact or of law. In general, the notoriety of a fact is not sufficient to found a judgment or to rely on its truth; 1 Ohio Rep. to attacks motivated by economic gain. This possibility is further illustrated by an increase in phishing Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, bank or retail establishment. scams and spyware designed to steal confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead and pass it along to attackers. Attacks Against Web Application Technologies Are Increasingly Popular: Web application technologies are appealing targets for attacks because of their widespread deployment within organizations and the relative ease with which they can be exploited. Web applications allow attackers to gain access to the target system simply by penetrating one end-user's computer, bypassing traditional perimeter security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security . Nearly 82 percent of documented Web application vulnerabilities were classified as easy to exploit, thereby representing a significant threat to an organization's infrastructure and critical information assets. Short Time Between Vulnerability and Exploit: According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the report, the time between the announcement of a vulnerability and the release of associated exploit code was extremely short. Symantec data indicates that over the past six months, the average vulnerability-to-exploit window was just 5.8 days. Once an exploit has been released, the vulnerability is often widely scanned for and quickly exploited. This short window leaves organizations with less than a week to patch vulnerable systems. Rise in Bot Networks: Adding to concern about the short vulnerability-to-exploit window is the growth in bots bots maggots of flies which infest animals, especially horses and sheep. The term bot is also loosely used to include the invasive maggots such as those of Cuterebra and Wohlfahrtia spp. horse bots see gasterophilus. (short for "robot"). Bots are programs that are covertly installed on a targeted system, allowing an unauthorized user to remotely control the computer for a wide variety of purposes. Attackers often coordinate large groups of bot-controlled systems, or bot networks, to scan for vulnerable systems and use them to increase the speed and breadth of their attacks. Over the past six months, Symantec has seen a large increase in the number of remotely controlled bots. During the first six months of 2004, the average number of monitored bots rose from under 2,000 to more than 30,000 per day -- peaking at 75,000 in one day. Bot networks create unique problems for organizations because they can be remotely upgraded with new exploits very quickly, which could potentially allow attackers to outpace out·pace tr.v. out·paced, out·pac·ing, out·pac·es To surpass or outdo (another), as in speed, growth, or performance. outpace Verb [-pacing, an organization's security efforts to patch vulnerable systems. Increase in Severe, Easy-to-Exploit Vulnerabilities: Symantec documented more than 1,237 new vulnerabilities between January 1 and June 30, 2004, an average of 48 new vulnerabilities per week. Seventy percent of these vulnerabilities were considered easy to exploit, and 96 percent were considered moderately or highly severe. Consequently, organizations must contend with an average of more than seven new vulnerabilities per day, and a significant percentage of these vulnerabilities could result in a partial or complete compromise of the targeted system. Attack Trends --The Slammer A worm that caused a billion dollars worth of damage on the Internet on January 25, 2003. Slammer infected computers all over the Internet by generating random IP addresses and causing the computer's buffer to overflow with its own instructions that replicate itself and start the process worm was the most common attack over the past six months, with 15 percent of attacking IP addresses performing an attack related to it. Gaobot and its variants were the second most common attack, increasing by more than 600 percent over the past six months. --Overall, the daily volume of attacks is decreasing due to a decline in Internet-based worm attack activity over the first six months of 2004. E-Commerce received the most targeted attacks of any industry during this period; small business received the second most. --The United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. was the top attack source country with 37 percent, down from 58 percent in the previous six months. Other countries rose accordingly, indicating that attack activity is becoming more international. --Eighty-seven percent of Symantec Managed Security Services clients with tenure of more than six months successfully avoided experiencing a severe attack. Vulnerability Trends --During the first six months of 2004, the average time between the public disclosure of a vulnerability and the release of an associated exploit was 5.8 days. --The Symantec Vulnerability Database documented 1,237 new vulnerabilities between January 1 and June 30, 2004. Ninety-six percent of documented vulnerabilities disclosed during this period were rated as moderately or highly severe; 70 percent of vulnerabilities were considered easy to exploit; 64 percent of vulnerabilities for which exploit code is available were considered high severity. --In the first half of 2004, 479 vulnerabilities -- or 39 percent of the total volume -- were associated with Web application technologies. Malicious Code Trends --Over the past six months, Symantec documented more than 4,496 new Windows viruses and worms (particularly Win32), more than 4.5 times the number in the same period in 2003. --The number of distinct variants of bots is rising dramatically, increasing by 600 percent over the past six months. --Peer-to-peer services (P2P See peer-to-peer and point-to-point. ), Internet relay chat See IRC. (chat, messaging) Internet Relay Chat - (IRC) /I-R-C/, occasionally /*rk/ A client-server chat system of large (often worldwide) networks. IRC is structured as networks of Internet servers, each accepting connections from client programs, one per user. (IRC (Internet Relay Chat) Computer conferencing on the Internet. There are hundreds of IRC channels on numerous subjects that are hosted on IRC servers around the world. After joining a channel, your messages are broadcast to everyone listening to that channel. ), and network file sharing Copying files from one computer to another. See peer-to-peer network, file sharing protocol and file and printer sharing. continue to be popular propagation The transmission (spreading) of signals from one place to another. vectors for worms and other malicious code. --Adware is becoming more problematic, making up six of the top 50 malicious code submissions. --The first malicious worm for mobile devices, Cabir, was developed. Future and Emerging Trends --Client-side attacks are expected to increase in the near future. Targeted attacks on firewalls, routers, and other security devices protecting users' systems are also a growing security concern. --Symantec expects bot networks to employ increasingly sophisticated methods of control and attack synchronization (1) See synchronous and synchronous transmission. (2) Ensuring that two sets of data are always the same. See data synchronization. (3) Keeping time-of-day clocks in two devices set to the same time. See NTP. that are difficult to detect and locate. Symantec also expects to see instances of port knocking A security method that is used to authenticate a valid user and open a TCP/IP port to accept incoming packets. Firewalls accept or deny packets before any user authentication is performed. As a result, an attacker can gain entrance through the firewall. , a method attackers may use to create direct connections to potential target systems. --Symantec expects that recent Linux and BSD (Berkeley Software Distribution) The software distribution facility of the Computer Systems Research Group (CSRG) of the University of California at Berkeley. vulnerabilities that have been discovered and used in proof-of-concept exploits will be used as exploit-based worms in the near future. Symantec also expects to see more attempts to exploit mobile devices. About the Symantec Internet Security Threat Report Symantec has some of the most comprehensive sources of threat data in the world. The findings of the Internet Security Threat Report are based on data from Symantec DeepSight Threat Management System and Symantec Managed Security Services customers as well as from 20,000 security devices deployed in more than 180 countries. In addition, the report leverages threat data gathered by experts in Symantec's five Security Operations Centers A Security Operations Center is a centralised unit in an organisation that deals with security issues. The Transportation Security Administration (TSA; an agency within the US Department of Homeland Security) has implemented Security Operations Centers (referred to as SOC) and nine Response Labs throughout the world. Symantec also gathers malicious code from more than 120 million client, server, and gateway systems that have deployed Symantec's antivirus products in both consumer and corporate environments. About Symantec Symantec is the global leader in information security providing a broad range of software, appliances and services designed to help individuals, small and mid-sized businesses, and large enterprises secure and manage their IT infrastructure. Symantec's Norton brand of products is the worldwide leader in consumer security and problem-solving solutions. Headquartered in Cupertino, Calif., Symantec has operations in more than 35 countries. More information is available at http://www.symantec.com. NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States. Symantec, the Symantec logo, and Brightmail are trademarks or registered trademarks, in the United States and certain other countries, of Symantec Corporation. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion