SAN FRANCISCO – Symantec has released version 9 of its Internet Security Threat Report, which provides a six-month update of Internet threat activity. It includes analysis of network-based attacks, a review of known vulnerabilities, and highlights of malicious code and additional security risks.
The current report was prepared with data gathered from around the world, during a period beginning July 2005 through December 2005.
Along with this report comes the Consumer Threat Meter. It’s a version of the enterprise threat condition targeted to consumers in email, web, IM, and P2P threats. It’s a red/green/yellow threat meter considered spyware, malware, spam, vulnerabilities and attack landscape.
Available at www.symantec.com/home_homeoffice, Offered as a free resource, it is intended to provide consumers with the latest information on the risk level associated with specific online activities.
The Symantec Internet Threat Meter is designed to promote productive and enjoyable online experiences for computer users, while educating them about most recent Internet threats and steps they can take to safeguard their computers and personal data while online.
“It’s not all about dealing with tools and technology; we believe education will go a long way towards improving security,” said Michael Murphy, vice president, Symantec.
“It dovetails with the online trust and confidence that is eroding. A lot of people are falling victim to criminal threats. As an industry that’s the wrong direction, and as a leader Symantec wants to help educate and provide early warning about the threat landscape out there.”
Internet Security Threat Report data indicate most malware is generated for the benefit of making money.
“We’re using crimeware as a term to describe the attacks and threats,” said Murphy.
“Report versions 7 and 8 were dominated by botnets, and software that disabled firewalls and scanners to steal; what we call a multi-stage approach to attack. Once the software is inside it does more.”
There are also attacks exploiting vulnerabilities of the operating systems, moving away from attacks that are easily detectable at the perimeter. Traditionally attacks disrupted a firewall.
“Now they are exploiting http, which makes its way to the client, so now they’re not attacking the OS and perimeter, they’re attacking the desktop and applications because it’s profitable,” said Murphy.
“Because of the rise in bot networks, more systems can be compromised, and we’re seeing a boom in command and control threats that compromise as many systems as possible.”
There are more instances in rootkits and spyware, keystroke loggers to aid in capturing sensitive information. Yet interestingly, the number of intentional damage attacks has dropped.
“Two or three years ago we were seeing a category 4 or 5 threat almost every week, averaging 36 category 4 or 5 threats per year” said Murphy.
“Last year there were four. You’d think that was getting better, and while that’s true; we’ve seen a greater corresponding increase in quieter, stealthier category 1 and 2 threats. Not splashy, but more subversive. That speaks to botnets, rootkits, modular code, and to go undetected for the purpose of financial gain instead of bragging rights. And that’s across the board.”
What’s interesting about this report is the market that has emerged in the selling of vulnerabilities. There is profit in discovery and research of vulnerabilities, withholding, and selling of those. That’s another trend that is motivated clearly by financial gain.
