Security Threats Bypassing the Perimeter
Symantec's latest report concludes that security attacks are increasingly aimed at desktops instead of network perimeters.
The security company released its eighth Internet Security Threat Report today. The report's primary finding was that the occurrence of malware aimed at exposing confidential information was up 54 percent in the first half of this year, comprising 74 percent of the top 50 malware samples reported to the company.
"Attackers are moving away from large, multipurpose attacks on network perimeters and toward smaller, more targeted attacks directed at Web and client-side applications," said Arthur Wong, vice president of Symantec Security Response and Managed Security Services.
The company also found that there's a market in bot networks both for sale and rent. The report noted an average of 10,352 active bot network computers per day, which it said represented an increase of more than 140 percent from the previous reporting period.
Also on the rise are phishing attacks, which Symantec reports rose from an average of 2.99 million messages a day to 5.70 million; denial of service attacks, which the company says rose from an average of 119 per day to 927 per day in the first half of the year; and the overall number of new vulnerabilities reported.
Security responses add to some of the concerns reported by Symantec. In its report, the company claimed that "the time between the disclosure of a vulnerability and the release of associated exploit code decreased from 6.4 days to 6.0 days." At the same time, "an average of 54 days elapsed between the appearance of a vulnerability and the release of an associated patch by the affected vendor," leaving an average window of vulnerability for users of 48 days.