News

More attackers targeting e-commerce and Web apps, says Symantec

• By John K. Waters
• September 22, 2004

The total number of virus attacks are down, but malicious codemeisters are getting faster, more sophisticated, and they're beginning to target e-commerce concerns and small businesses. That's the conclusion of a report published this week by security application provider Symantec.

Symantec's bi-annual 'Internet Security Threat Report' found the average daily volume of attacks was down for the first half of this year vs. the daily attack rate for July through December of last year. However, threats against e-commerce concerns were up 400%, accounting for nearly 16% of the attacks tracked in the report vs. 4% during the second half of 2003. Attacks on small businesses ranked second.

According to Arthur Wong, VP of Symantec's security response and managed security services group, 'exploits are being created more easily and faster than ever, while attackers are launching more sophisticated attacks for financial gain.'

'This rise may indicate a shift from attacks motivated by notoriety to attacks motivated by economic gain,' the report concludes. 'This possibility is further illustrated by an increase in phishing scams and spyware designed to steal confidential information and pass it to attackers.'

A particularly disturbing enterprise trend cited in the report: The growing appeal of Web application technologies as attack targets 'because of their widespread deployment within organizations and the relative ease with which they can be exploited.' Web apps are especially vulnerable, the report states, because they 'allow attackers to gain access to the target system simply by penetrating one end-user's computer, bypassing traditional perimeter security measures.' Nearly 82% of the Web application vulnerabilities documented in the report are classified as 'easy to exploit.'

Consequently, Web applications 'represent a significant threat to an organization's infrastructure and critical information assets,' the report concludes.

Not surprising, the top target of the black-hatters continues to be Microsoft, according to the report. The number of new viruses and worms aimed at the Windows operating system rose 400% during the first half of 2004 vs. the same period last year, according to the report. The 5,000 new Windows viruses and worms documented in the first half of this year represent 1,000 more than were documented during the same period last year.

The report also found: 

• The time between the appearance of a vulnerability and the manifestation of an exploit is growing shorter. Symantec's data indicates that, over the past six months, the average vulnerability-to-exploit window was just 5.8 days. 'This short window leaves organizations with less than a week to patch vulnerable systems,' the report concludes.
  
• The use of bots, programs covertly installed on targeted systems to give unauthorized users remote control, is on the rise. Attackers often coordinate large groups of bot-controlled systems to scan for other vulnerable systems, and then use them to increase the speed and breadth of their attacks. 'Bot networks create unique problems for organizations because they can be remotely upgraded with new exploits very quickly, which could potentially allow attackers to outpace an organization's security efforts to patch vulnerable systems,' the report notes.
  
• The growth of 'easy-to-exploit' vulnerabilities. According to Symantec, 70% of the 1,237 new vulnerabilities identified during the first half of this year were considered easy to exploit, and 96% were considered moderately or highly severe. '[O]rganizations must contend with an average of more than seven new vulnerabilities per day, and a significant percentage of these vulnerabilities could result in a partial or complete compromise of the targeted system,' the report finds.

Symantec describes its sixth bi-annual report as a 'six-month snapshot of security events.' The report is available at http://enterprisesecurity.symantec.com/content.cfm?articleid=1539<>.