Fraud, information access trump high-profile IT attacks in 2005—and today
By Staff -- Manufacturing Business Technology, 7/1/2006 12:00:00 AM MDT
Symantec's most recent Internet Security Threat Report spells it out like this: System security is a problem that's not going to go away.
The report also indicates a trend toward highly targeted cyber crime—initially seen in the first half of 2005—rather than broad attacks to gain notoriety.
Says Dean Turner, executive editor of the report and senior manager for Symantec security response, "What stands out is that almost all attacks are designed with fraud or theft and financial motive in mind. We are seeing more of what we call Category 1 and 2 threats, with Category 5 being the most severe. As people have created stronger perimeters, attackers have moved to smaller threats that initially don't raise alarm bells.
"If there's a Category 3 worm, it generates noise and press, and people respond by protecting themselves," Turner continues. "Publicity is not good for attackers. Something that comes in as a low risk initially may escape your notice. We call that 'modular malicious code.' Once it's in your system, it activates to add more functionality. It's more of a stealth approach," Turner says.
The 115-page report, which covers the second half of 2005, makes for fairly gripping reading about the types of systems threats posed by those with illicit intentions and a desire to gain access to information.
"The threat landscape is being dominated by emerging threats such as bots [stealth robots] and customizable modular malicious code," the report states. "Targeted attacks on Web applications and Web browsers are the focal point for cyber criminals. While traditional attack activity has been motivated by curiosity and a desire to show off technical virtuosity, many current threats are motivated by profit."
Financial services represent the No. 1 target for attackers, followed by educational institutions. Small business ranks No. 3, while manufacturing represents the smallest industry sector reporting vulnerabilities among the top 10 industries cited in the report—primarily because it is more B2B-oriented, Turner reasons. But manufacturers certainly should not feel immune to attack, he cautions.
The report cites these distressing facts:
- There were nearly 2,000 new vulnerabilities reported in the last half of 2005—the highest recorded number since 1998.
- The average time between the announcement of a vulnerability and its exploitation is 6.8 days.
- The average elapsed time between disclosure of a vulnerability and the release of a patch is 49 days—leaving a "window of exposure" of 42 days.
Given these facts, the report includes a Time-to-Compromise Index for assessing the time it takes attackers to compromise a newly installed operating system once it has been connected to the Internet. A Windows 2000 Server with no patches had the shortest average time—roughly one hour and 17 minutes—according to the report.
As for the future, instant messaging (IM) represents a very serious emerging vulnerability, claims Turner.
"IM traffic could exceed email by the end of 2006. With instant messaging, everybody on your list is put there by you," he explains. "These are people you inherently trust, so when you get a message from them, you don't go through the same process you would when opening email. This represents a big target for malicious code."