5 Threats from the Internet

It's good to step back and get a sense of the landscape every once in a while. Security giant Symantec Corp. offered an opportunity to do that recently in its semi-annual document called the "Internet Security Threat Report."

Through the company's managed services, threat management system and vast installed base of antivirus software, the security giant is perhaps uniquely positioned to give a global assessment. Symantec claims to have 20,000 server monitors in 180 countries and the company gathers data on malicious code from 120 million clients, servers and gateways that run its antivirus software.

Symantec highlighted five broad trends in the recent report covering the first six months of 2004.

1) The window for patching vulnerabilities is critically short. "Over the past six months, the average time between the announcement of a vulnerability and the appearance of associated exploit code was 5.8 days," Symantec's report stated. Exploit code makes it possible to scan widely for the vulnerability and exploit it quickly. As an example, Symantec cited the Witty worm, which appeared two days after the vulnerability it exploits was reported.

2) Remotely controlled bot networks are growing quickly, from well under 2,000 computers at the end of 2003 to more than 30,000 by June 30. Bots are the robot programs that run covertly on target systems. Designed to allow unauthorized remote control of target computers, they can be used in concert to conduct distributed-denial-of-service attacks. Symantec points out that the growth of the bot networks combined with the short vulnerability-to-exploit cycle makes for an extremely dangerous situation. "Once an exploit is released, the owner of a bot network can quickly and easily upgrade the bots, which can then scan target systems for the vulnerability in question."

3) Even Fortune 100 companies, with presumably the biggest IT budgets and some of the best IT talent, are spreading worms. Symantec observed that more than 40 percent of Fortune 100 companies controlled IP addresses from which worm-related attacks propagated. "This indicates that, despite the measures taken by organizations, their systems are still becoming infected," according to the report.

4) Symantec believes the percentage of targeted attacks against e-commerce quadrupled in the first six months of the year. By targeted, Symantec means the e-commerce operation was deliberately singled out for the attack, as opposed to being hit by the unpredictable propagation of a worm or the broadly cast net of a scan. In the last half of 2003, 4 percent of attacks against e-commerce were believed to be targeted. In the first half of 2004, that figure had jumped four-fold, to 16 percent.

5) Custom Web applications remain largely unsecured, leaving the valuable and confidential data in human resource, business services and accounting applications vulnerable to Web-based attacks that don't require the compromise of a server. Symantec estimates that 39 percent of the disclosed vulnerabilities in the first half of the year related to Web application vulnerabilities. The security firm further estimates that 82 percent of Web application vulnerabilities are easy to exploit.

Symantec has a lot of software and services to sell, and the company's report certainly serves that end. But there are lessons to be gained from the company's vast collection of data. The points about the bot networks and the short window for exploiting vulnerabilities make a solid and quick patching process even more of a must than it already has been. The vulnerability of the Fortune 100 shows that everybody still has work to do. The more intense targeting of e-commerce and the gaping holes in custom Web applications give everybody a place to start that work.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

