A recent security threat report issued by Symantec.com detailed a number of the threats facing computer and Internet users in their travels.
The most prevalent threats are apparently those that attempt to steal identity-related information like phishing attacks. Arthur Wong, vice president of Symantec Security Response and Managed Security Services, says, Attackers are launching increasingly sophisticated attacks in an effort to compromise the integrity of corporate and personal information.”
As indicated, the report details these threats and discusses the attacks making use of the various methods:
Rise in Threats to Confidential Information
The report indicates threats to confidential information represented 54 percent of the top 50 malicious code samples received by Symantec. Trojan horses are the primary vehicles of this type of attack.
Steady Increase in Phishing Attacks
This one is the biggie. Symantec’s report reveals phishing attacks are up an astounding 366%. “By the end of December 2004, Symantec Brightmail AntiSpam antifraud filters were blocking an average of 33 million phishing attempts per week, up from an average of 9 million per week in July 2004.” Unfortunately, Symantec expects this trend to continue its increase.
Increase in Attacks Against Web Applications
According to Symantec, “Nearly 48 percent of all vulnerabilities documented between July 1 and Dec. 31, 2004 were Web application vulnerabilities.” Because web apps are approved by firewalls (in order to access the Internet), the security characteristics are avoided. Web application attacks include exploiting vulnerable web browsers.
Rise in Number of Windows Virus/Worm Variants
Because of the proliferation of Windows-based computer environments, the number of viruses and malicious programs targeting Microsoft’s software continue to grow at an accelerated rate. Symantec’s report reveals, “From July 1 to Dec. 31, 2004, Symantec documented more than 7,360 new Windows 32 virus and worm variants. This represents an increase of 64 percent over the previous six-month period. As of Dec. 31, 2004, the total number of documented Windows 32 threats and their variants was approaching 17,500.”
Increase in Severe, Easy-to-Exploit, Remotely Exploitable Vulnerabilities
With the increase in attacks based solely on executable programs and code, the ease of getting these programs to perform their malicious duties has also increased. Symantec indicates, “70 percent were considered easy to exploit, which means that either no custom code is required to exploit the vulnerability or that such code is publicly available. Compounding this problem is that nearly 80 percent of all documented vulnerabilities in this reporting period are remotely exploitable, which likely increases the number of possible attackers.”Related.My-Snort.org