
Trends from the Symantec Internet Threat Report

May 08, 2006

* Symantec documented its highest number of new vulnerabilities since 1998

Are you sleeping OK at night? Are you getting your restful recharge, with no lingering doubts about network security in the back of your head? If so, and you want to keep it that way, don’t read on. No sense in disturbing a perfectly good sleep pattern over what might creep up to bite you at work.

But if you’re the kind that doesn’t want to get blindsided, then read not only this article, but the full Symantec Internet Security Threat Report, March 2006 edition.

Symantec publishes its Security Threat report every six months. It’s a very detailed analysis of what kinds of threats the company saw in the previous half year. The March 2006 report covers activity that took place from July 1, 2005 to December 31, 2005. Given that this is Symantec’s ninth such report, the company has a good history of the specific threats we’ve seen and a good trend report of how things have changed over the years. The company offers suggestions (as well as products) for beefing up your network security and reducing your exposure to the various threats.

According to the report, Symantec’s data comes from more than 40,000 sensors monitoring network activity in more than 180 countries. Moreover, Symantec gathers malicious code data and spyware and adware reports from over 120 million client, server and gateway systems that have deployed Symantec’s anti-virus products. That’s an awful lot of data, yielding a worldwide picture of threats and vulnerabilities.

The trend highlight of the March 2006 report is that cybercrime and criminal attacks are on the increase, now dominating other types of attacks. Manifestations of these attacks include logging keystrokes, stealing cached passwords, and downloading files with confidential information. Not surprisingly, Symantec says that the financial services sector was the most frequently targeted industry.

Symantec warns about the increase in Web application vulnerabilities. According to the report, vulnerabilities in Web browser and Web server technologies are particularly threatening because they may be exposed to threats that are more difficult to prevent and detect. 69% of the vulnerabilities detected during the report period were associated with Web applications – up from 49% in the prior six months.

Symantec calls Web browsers “one of the easiest ways to attack users.” Contrary to popular belief, Microsoft’s Internet Explorer doesn’t have a lock on vulnerabilities. Although IE had 24 new vendor-confirmed and non-vendor-confirmed vulnerabilities identified in the latter half of 2005, Mozilla’s Firefox browser nearly kept pace with 17 such vulnerabilities. Symantec draws a conclusion on this, however, by stating, “Due to the nature of the open source development process, Firefox developers may be able to acknowledge and address vulnerabilities more quickly than developers of closed source browsers.” (As my catty friends and I would say, “Me-ow!”)

Other trend findings of this report:

* Symantec documented its highest number of new vulnerabilities (1,896) since 1998. In fact, 2005 was a more active year than 2004 for vulnerabilities, with a 40% increase year over year.

* It’s taking slightly longer for hackers to exploit a vulnerability (now 6.8 days vs. 6.0 days before) and less time for vendors to release a patch (an average of 49 days, down from 64 days) once a vulnerability is disclosed.

* Phishing attempts are on the increase. Symantec blocked 1.5 billion phishing attempts between July and December 2005, up 44% over the first half of 2005.

* The United States was the country of origin of 56% of all spam. (Let’s hear it for capitalism!)

Symantec, of course, is just one computer security company with its own view of the Internet. If you want a more vendor-neutral glimpse of security, try SecurityFocus, which describes itself as “a site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.” With so many people sharing information about threats, vulnerabilities and protective measures, you’re bound to get the answers you need from one of the online forums. Then you can rest easy at night once again.