Symantec threat report

Symantec in its semi-annual report has identified new methods of using malicious code for financial gain with increasing frequency to target desktops rather than enterprise perimeters. The report found a rise in the exposure of confidential information resulting in financial loss of credit card information or banking information.

“Attackers are moving away from large, multipurpose attacks on network perimeters and toward smaller more targeted attacks directed at Web and client-side applications”, says Arthur Wong, Vice-president of Symantec Security Response and Managed Security Response and Managed Security Services.

“As the threat landscape continues to change, users need to be diligent in keeping systems up-to–date with security patches and security solutions,” he adds.

According to the report, phishing attacks continue to proliferate. The volume of phishing messages grew from an average of 2.99 million a day to 5.70 million. One out of every 125 e-mail messages scanned by Symantec Brightmail anti-spam was a phishing attack. There has been a 100 percent increase in phishing attacks since 2004.

Some of the other findings of the report are:

• Denial-of-Service (DoS) attacks grew from an average of 119 per day to 927 per day during the first half of 2005—a 680 percent increase over the previous reporting period. The most frequently targeted industry was education, followed by small business and financial services.

  The time between the disclosure of vulnerability and the release of the associated exploit code decreased from 6.4 days to 6.0 days.

• During the first half of 2005, Symantec documented 1,862 new vulnerabilities–the highest number ever recorded in the Internet Security Threat Report. 97 percent of these vulnerabilities were classified as moderate or high in severity, and 59 percent of all vulnerabilities were found in Web application technologies, marking an increase of 59 percent over the previous reporting period and a 109 percent increase over the first six months of 2004.
• There was an increase of 48 percent in Win32 viruses and worm variants over the previous reporting period, and 142 percent over the first half of 2004.
• Adware, spyware, and spam continue to propagate.

An analysis of future and emerging trends concluded that an increase in the number of attack threats directed at wireless networks is likely.