Report: Threats Coming from all Sides

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
An increasing number of worms and viruses are blended threats, giving them multiple ways toget into a network and multiple ways to damage it, according to a new study from SymantecCorp.

The report also shows that the number of vulnerabilities has leveled off over the pastyear. And that sounds like good news until you realize that it's leveled off at about sevensoftware security flaws being discovered every day, adding up to 2,636 new vulnerabilitiesa year.

''That's a lot. That's really bad news,'' says Tony Vincent, lead global security architectfor Symantec. ''I think we're seeing a lot of damage because of the number ofvulnerabilities, the number of blended threats and because the virus writers are targetingbigger things.''

Vincent says the most surprising part of the Internet Security Threat Report is themounting incidents of blended threats. These worms have several different ways ofpropagating across the network. They may have mass-mailing mechanisms, along with theability to seek out backdoors left open by previous viruses, and the ability to seek outsoftware vulnerabilities to exploit. Once they're in a machine, they have multiple means ofcausing trouble. They might leave a backdoor or Trojan, they can delete information andthey can cull email addresses for the computer's hard drive.

And blended threats are wreaking havoc.

According to the Symantec report, blended threats were responsible for some of the mostsignificant security events of the year, which occurred last August when the Internetexperienced three new Category 4 worms in only 12 days. These worms -- Blaster, Welchia,and Sobig.F -- infected millions of computers worldwide and, according to estimates byComputer Economics, may have resulted in up to $2 billion in damages.

More recently, MyDoom, Nimda, Sobig and Bagle are all considered to be blended threats.

''This is dangerous because an IT manager can do all the right things to protect hiscompany from a particular threat, but if he misses just one thing, he's still going to endup with a big problem,'' says Vincent. ''You can patch all the vulnerabilities and talk tousers about not opening attachments, but if you have one machine on the network with abackdoor open, it will still get into your network.''

And more blended threats mean that more worms and viruses are 'successful'.

In the first half of 2003, only one-sixth of the companies analyzed reported a serioussecurity breach, according to Symantec's report. In the second half of the year, half ofthe companies reported a serious breach. This rise is largely the result of increasingly'successful' worms, which remain the most common source of attack activity. And almostone-third of all attacking systems targeted the vulnerability exploited by the Blasterworm, which hit the Internet like a steaming locomotive late last summer.

Financial services, healthcare, and power and energy were among the industries hardest hitby severe security events.

How Vulnerable Are We?

On the positive side, 2003 saw only 49 more reported software vulnerabilities than in 2002,taking the total number from 2,587 to 2,636. Last year, that averaged out to seven newvulnerabilities discovered every day.

''On the silver lining side, while we documented a dramatic growth in vulnerabilities overthe past several years, the rate of that increase has started to slow down a little bit,''says Vincent.

But that's where the good news ends.

Vincent also notes that of those 2,636 vulnerabilities reported last year, 70 percent wereclassified as easy to exploit, compared to 60 percent the year before. The study also showsthat the number of moderately severe vulnerabilities increased from an average of 98 permonth in 2002 to an average of 115 per month in 2003.

''That's a really big concern,'' he adds.

Client-side vulnerabilities in Microsoft Internet Explorer are on the rise, going from 20in the first half of 2003 to 34 in the second half of the year. That's an increase of 70percent. Many of these vulnerabilities allow attackers to compromise the systems of clientusers who visit Web sites hosting malicious content, intentionally or not. The primaryreason for concern over this trend is the massive market dominance of Internet Explorer.

Submit a Comment

Loading Comments...