Report Says Private Data Is Under Increased Attack

By Michael Hall | Mar 21, 2005 | Print this Page
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3491741/Report-Says-Private-Data-Is-Under-Increased-Attack.htm

A new report by security firm Symantec says the frequency of attacks designed to gather personal information remains on the rise, with phishing incidents increasing over 360 percent in a six month period.

The firm's information comes from the seventh release of its semi-annual Internet Security Threat Report, which covers a gamut of security risks. The report covered the second half of 2004, pulling its data from a number of sources, including reports from its own product+R2468s, such as its DeepSight Threat Management System and its line of anti-virus software.

Network Attacks Up, Reliant on Oldies But Baddies
Though not as dramatically as phishing attacks, simple network-based attacks were also on the rise over the reporting period. According to Symantec, network attacks increased from an average of 10.6 attacks per day in the first half of 2004 to 13.6 attacks in the second half.

The lion's share of the attacks were the Microsoft SQL Server Resolution Service Stack Overflow Attack (formerly known as the Slammer attack), used by 22 percent of all attackers. Symantec reported that the second most common attack was the TCP SYN Flood Denial of Service attack (define), which was launched by 12 percent of attackers.

The financial services industry was hit the hardest by these attacks, logging 16 "severe" events per 10,000 security events. According to Symantec, a "severe" event involves partial or complete compromise of the targeted system.

Attacks on Web applications also played prominently in this area. According to Symantec, nearly 48 percent of all vulnerabilities documented between July 1 and Dec. 31, 2004 were Web application vulnerabilities, up from 39 percent in the previous six-month period. According to Symantec, Web apps are popular targets because the applications themselves are available over exposed ports, unprotected by firewalls.

Plenty for Admins to Scramble Over
The lot of administrators trying to stay caught up on their patches and security improvements didn't get any better during the report period, either.

Among other statistics presented by Symantec, the time between disclosure of a vulnerability and the release of an exploit sat at 6.4 days. But the number of vulnerabilities to track increased by 1,403, which constituted a 13 percent increase in the total number of reported vulnerabilities.

Symantec said 97 percent of those vulnerabilities were considered either highly or moderately severe, and said 70 percent of all documented vulnerabilities were "easily exploitable," meaning they require no custom code to compromise, or that the code needed is readily available.

Seeking solace in the arms of alternative software didn't do much for anyone either: During the report period, the upstart Mozilla family of Web browsers had 21 vulnerabilities disclosed, while 13 were reported on Internet Explorer. Symantec made no comment on how the vulnerability count was broken down, and didn't mention whether a flaw in the Mozilla rendering engine, which is shared by Mozilla and its derivative products Firefox and Netscape Communicator, was considered a single flaw or counted as one flaw per member of the Mozilla family. Similarly, no differentiation was made between the assorted versions of Internet Explorer.

Information Attacks Prominent
This period's report placed a heavy emphasis on attacks meant to gain private information such as account numbers and passwords.

Symantec says malicious software designed to expose confidential information "represented 54 percent of the top 50 malicious code samples" it received during the reporting period. The period prior, such software represented 44 percent of the total reports; and in the second half of 2003 it represented 36 percent. Much of that code took the form of Trojan horse software (define), which represented 33 percent of Symantec's samples.

Another prong in the assault on privacy took the form of phishing attacks (define). Symantec reported anti-fraud filters found in its Brightmail anti-spam offerings blocked an average of 33 million phishing attempts per week by the end of the reporting period, up from an average of 9 million per week in July, representing an increase of over 366 percent. The company didn't specify how much of that increase was due to a general increase in awareness of phishing over the past year, along with improved methods for identifying it; or an increase in the actual volume of phishing mail.