More Security Attacks Motivated By Greed, Symantec Reports
The overall daily volume of attacks is declining, but profit-motivated attacks and bots are increasing.
By George V. Hulme
There's good news and bad news on the security front. Internet security company Symantec Corp. on Monday released its Internet Security Threat Report, which provides a snapshot of security events the vendor monitored during the first six months of 2004. The report is derived from the monitoring of 20,000 security devices, such as intrusion-detection systems and firewalls, in 180 countries, operated for Symantec's managed-security-services and DeepSight Threat Management System clients.
First the good news: The report shows an overall decline in the average daily volume of attacks. For the period of July through December 2003, Symantec calculated a daily attack rate of 12.6. From January through June 2004, the daily attack rate was 10.6. Symantec attributes the drop to a decline in Internet-based worm attacks during the first half of this year compared with other periods.
That's the end of the good news. Now for the bad news.
"We're seeing an increase in profit-motivated attacks," says Vincent Weafer, senior director of Symantec's virus research team. That could be why the security company is reporting that attacks aimed at E-commerce sites rose from 4% of overall attacks to 16%. Other trends that point to attacks for profit include the increase in phishing scams and spyware designed to pilfer user names, passwords, and financial information, Weafer says.
Another serious threat is the growth of so-called bot networks: groups of computers infected with malicious code that can take over the machines and use them to launch attacks on other computers. At the beginning of this year, the company monitored nearly 2,000 such networks. That figure jumped to 30,000 by June. On one day, the company saw a spike of 75,000 bot-infected computers. These bot networks are often used to launch massive distributed denial-of-service attacks that crush networks under a swarm of bogus traffic.
Other highlights of Symantec's report include:
The January 2003 SQL Slammer worm lives on. About 15% of the Internet-connected systems that launched attacks did so with SQL Slammer-related attacks.
The average time from the public disclosure of a software vulnerability to the release of attack tools designed to exploit it is 5.8 days.
During the first half of 2004, roughly 48 new software vulnerabilities were disclosed each week.
Symantec says that 70% of the new vulnerabilities disclosed are considered "easy to exploit."