Chinese malware coming to a computer near you
March 07, 2006
The amount of malware coming from China rose 153% during the last six months of 2005 according to Symantec.
The number of zombie computers in China rose 37% during the period, although the US has the highest number of such machines.
"Broadband adoption appears to be driving bot-directed attacks as well as bot infections. That's one of the big things we saw in this report," said Dave Cole, a director with Symantec Security Response.
The UK remains a prime target for botnet attacks because of the rapid adoption of residential broadband in that region. By the same token, China and India are also sensitive geographies.
"Just like the rise of servers hosting international e-mail spammers in China, malware hosting sites in China have also been on the upswing," said Danny Levinson, managing partner at BDL Media, an online media publisher in China. "The problem is that computer users all over the world are inevitably lazy, and therefore prone to getting infected."
The nature of online threats is changing, with attacks getting more sophisticated and mounting evidence that the focus has shifted away from the network perimeter and toward attempted cybercrime attacks carried out through bot-infected computers.
According to the latest edition of Symantec's Internet Security Threat Report, malicious hackers are increasingly using bot-networks, modular malicious code and targeted attacks on Web applications and Web browsers to carry out cyber raids.
"We have found that 88% of attacks use modular malicious code that will drop in a Trojan to open a system up to another type of malware," Symantec spokesman Richard Archdeacon said.
While past attacks were designed to destroy data, today's attacks are increasingly designed to silently steal data for profit without doing noticeable damage that would alert a user to their presence. In the previous Internet Security Threat Report, Symantec cautioned that malicious code for profit was on the rise, and this trend continued during the second half of 2005. Malicious code threats that could reveal confidential information rose from 74% of the top 50 malicious code samples last period to 80% this period.
The report also revealed that zombie computers are increasingly being used for criminal activities such as denial-of-service-based extortion attempts. On average, Symantec monitored 1,402 DoS attacks per day in the last six months of 2005, a 51% increase over that recorded in the first half of 2005.
The speed at which vendors are reacting to exploits with patches and fixes looks to be pegged at about the same levels as found in previous studies. Symantec found that an average of 49 days elapsed between the disclosure of a vulnerability and the release of a vendor-supplied patch. An average of 6.8 days elapsed between the announcement of a vulnerability and the release of associated exploit code, up from 6 days in the last period.
"Gone are the days when script-kiddies used to develop attacks which would cause maximum damage and attract as much attention as possible. The people behind today's cybercrime are using silent and more targeted methods to steal data and other sensitive information undetected," Archdeacon said. "The increased use of bot networks is coupled with the emergence of an online 'mafia' which sees a few 'Mr Bigs' controlling massive parts of the Internet for financial gain."
Attack trends
-- For the fifth straight reporting period, the Microsoft SQL Server resolution service stack overflow (formerly referred to as Slammer) was the most common attack. It was used by 45% of all attackers.
-- Symantec sensors from its customers' firewall and IDS tools detected an average of 39 attacks per day. This is a decrease of 18 attacks per day from the last reporting period.
-- Known bot network computers decreased from 10,347 per day in the first half of 2005 to 9,163 per day in the second half of the year. The United States had the highest percentage of bot-infected hosts globally with 26%.
-- The highest percentage of bot network command-and-control servers, 47%, were found in the U.S. South Korea had 9% of the worldwide total and Canada had 6%.
-- Financial services was the most frequently targeted industry, followed by education and small business.
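The sensor figures above are counts of matched attack signatures per day across firewall and IDS logs. As an added illustration, not code from this article or from Symantec, the following Python script shows what such a reduction looks like on a defender's side: it parses a constructed log format, counts detected attacks per day and per attack name, records the source addresses seen for each, and recognises the MS SQL Server resolution service overflow (Slammer) by the fingerprint documented in public analyses of that worm (a single UDP datagram to port 1434 with a 376-byte payload whose first byte is 0x04). The log format, the field names and every log line are assumptions constructed for this example; the port and payload fingerprint are not taken from the article.

```python
# Added example (not from the article or Symantec's report): a small
# firewall/IDS log reducer in the spirit of the sensor statistics above.
# It counts detected attacks per day and flags datagrams matching the
# public fingerprint of the MS SQL Server resolution service overflow
# (Slammer): UDP to port 1434, 376-byte payload, first payload byte 0x04.
# The log format and all lines below are constructed for this example.
from collections import Counter, defaultdict
import re

SLAMMER_PORT = 1434          # SQL Server resolution service (UDP)
SLAMMER_PAYLOAD_LEN = 376    # size of the worm's single UDP payload
SLAMMER_FIRST_BYTE = 0x04    # resolution-service request opcode

# Constructed log lines (assumed format):
# "<date> <time> <proto> <src>:<sport> -> <dst>:<dport> len=<payload bytes> first=<hex> sig=<name>"
SAMPLE_LOG = """\
2005-12-01 03:14:07 UDP 198.51.100.23:1050 -> 192.0.2.10:1434 len=376 first=0x04 sig=none
2005-12-01 03:14:09 UDP 198.51.100.23:1050 -> 192.0.2.11:1434 len=376 first=0x04 sig=none
2005-12-01 11:02:44 TCP 203.0.113.7:40211 -> 192.0.2.20:80 len=512 first=0x47 sig=http-dir-traversal
2005-12-02 08:30:00 UDP 203.0.113.99:1434 -> 192.0.2.10:1434 len=28 first=0x02 sig=none
2005-12-02 09:00:12 TCP 198.51.100.5:3322 -> 192.0.2.30:445 len=1024 first=0x00 sig=smb-probe
2005-12-02 09:00:13 UDP 198.51.100.77:2033 -> 192.0.2.12:1434 len=376 first=0x04 sig=none
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"len=(?P<len>\d+) first=0x(?P<first>[0-9a-fA-F]{2}) sig=(?P<sig>\S+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "len"):
        rec[key] = int(rec[key])
    rec["first"] = int(rec["first"], 16)
    return rec


def is_slammer_like(rec):
    """True when the record matches the Slammer datagram fingerprint.

    A short, legitimate resolution-service query to the same port (e.g. a
    28-byte request starting with 0x02) deliberately does not match.
    """
    return (rec["proto"] == "UDP"
            and rec["dport"] == SLAMMER_PORT
            and rec["len"] == SLAMMER_PAYLOAD_LEN
            and rec["first"] == SLAMMER_FIRST_BYTE)


def classify(rec):
    """Return an attack name for the record, or None for unmatched traffic."""
    if is_slammer_like(rec):
        return "mssql-resolution-overflow"
    if rec["sig"] != "none":
        return rec["sig"]
    return None


def summarize(log_text):
    """Reduce a log to attacks per day, per attack name, and sources per attack."""
    per_day = Counter()
    by_attack = Counter()
    sources = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        name = classify(rec)
        if name is None:
            continue  # benign or unmatched traffic is not counted as an attack
        per_day[rec["date"]] += 1
        by_attack[name] += 1
        sources[name].add(rec["src"])
    total = sum(per_day.values())
    average = total / len(per_day) if per_day else 0.0
    return {
        "attacks_per_day": dict(per_day),
        "average_per_day": average,
        "by_attack": dict(by_attack),
        "sources": {k: sorted(v) for k, v in sources.items()},
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the constructed sample the reducer reports three attacks on the first day and two on the second (an average of 2.5 per day), with the Slammer fingerprint accounting for three of the five and coming from two distinct sources; the short 28-byte query to port 1434 is correctly left out, which is the kind of distinction a port-only rule would miss.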
"Updating and patching security systems is still the most effective way of staying protected from these threats. Despite the increasingly sophisticated methods being employed by cyber criminals, the methods used still predominantly rely on email and Internet downloads to spread," Archdeacon said.