Batten down the hatches, says Symantec

Johannesburg, 02 Oct 2003

Symantec's Threat Report, communicated to the SA media today, strikes a cautionary note about the increased prevalence of blended threats in particular (a combination of malicious code and vulnerabilities), and the higher propagation rates of worms and other exploits.

Key findings

* The overall rate of attack activity rose by 19%. Companies experienced on average 38 attacks per week in the period measured, compared to 32 attacks last year.
* The number of severe attacks continued to decline from 23% in the first half of 2002 to 11% in this period, "attributable in part to strengthening security postures".
* Attacks are increasingly leveraging worms to carry exploits of known vulnerabilities as a means of creating exposures or security holes on a large number of systems.
* Attackers then install backdoor Trojans on those systems to create large networks of controlled systems (bot nets) that could be used to launch future attacks.
* Symantec documented 1 432 new vulnerabilities, a 12% increase over the previous year.
* More than 994 new Win32 viruses and worms were found, versus the 445 in the corresponding 2002 period.
* Of the top 50 malicious code submissions documented, 19 used peer-to-peer and instant messaging applications - an increase of almost 400% in only one year.
* Submissions of malicious code with backdoors have risen nearly 50%. The most visible attempt at theft of confidential data was the release of Bugbear.B in June 2003.

To be safer, Symantec recommends turning off and removing unneeded services; patching, especially computers that host public services and are accessible through the firewall (HTTP, FTP, mail, and DNS services); enforcing a password policy; blocking .vbs, .bat, .exe, .pif and .scr files; isolating infected computers quickly and restoring them after a forensic analysis and reinstalling, using trusted media; and training employees on best practices.

Not just e-mail and Web sites, but also instant messaging and peer-to-peer file sharing are increasingly being used as propagation methods, it says.

The report includes analysis from Symantec Managed Security Services customers "as well as more than 20 000 DeepSight Threat Management System registered sensors worldwide", which monitor attack activity in more than 180 countries, a press release states.

Symantec reports that the increasing prevalence of blended threats remains one of the most significant security issues. "Blended threats accounted for 60% of malicious code submissions in the first half of 2003, and the number of blended threats increased by 20%. Blended threats continue to be the most frequently reported threat," the company states.

The speed of propagation of blended threats is also increasing. "For example, the Slammer worm impacted systems worldwide in less than a few hours. Moreover, for a time, the recent Blaster worm was infecting as many as 2 500 computers per hour," says Patrick Evans, Symantec regional manager for Africa.

Symantec says it expects to see greater worm propagation in future, resulting in overloads to network hardware, crippling network traffic and preventing Internet use.

The report also provides analysis of attacker vulnerability preferences for the first time. It shows that 64% of all new attacks targeted vulnerabilities less than one year old. Additionally, 66% of attacks in the period mentioned exploited vulnerabilities categorised as "highly severe".

The company has also determined that the time from discovery to outbreak continues to shorten significantly. "The W32.Blaster blended threat occurred only 26 days after the vulnerability was announced."
