Internet Security Threat Report: Cybercrime continues to rise (page 1 of 2)

The report, covering the second half of 2005, found that malicious code for profit continues to proliferate. In fact, malicious code threats that could reveal confidential information increased in this period. This article looks at today's cybercrime-related threat landscape in detail.

An evolving threat landscape

The Symantec Internet Security Threat Report provides analysis of network-based attacks, a review of known vulnerabilities, and highlights of malicious code and additional security risks. It draws upon numerous sources of Internet threat data around the world. For example, the Symantec Global Intelligence Network, which includes the DeepSight Threat Management and Managed Security Services, consists of more than 40,000 sensors monitoring network activity in more than 180 countries. In addition, Symantec gathers malicious code data (along with spyware and adware reports) from more than 120 million client, server, and gateway systems that have deployed its antivirus products.

The latest edition of the Threat Report traces a landscape characterized by ongoing threats to our digital lifestyle and to online business in general. Specifically,

• Cybercrimes such as online fraud and the theft of confidential information dominate today's online environment.

• Bots, bot networks, and customizable or "modular" malicious code are the preferred methods attackers use to compromise and control host systems.

• Web-based technologies are the target of choice for attackers.

• There has been a continued decline in "noisy," high-severity threats and a corresponding increase in "quieter," stealthier, and initially lower-severity threats.

Attack trends

As Symantec noted in the previous Internet Security Threat Report, attackers are generally moving away from large, multiple purpose attacks against traditional security devices such as firewalls and routers. Instead, they are focusing on regional targets, desktops, and Web applications that enable an attacker to steal corporate, personal, financial, or confidential information.

One of the more pronounced attack trends in the current reporting period involved denial of service (DoS) attacks. Between July 1 and December 31, 2005, the average number of DoS attacks detected per day was 1,402, an increase of 51% from the first half of 2005.

In this same period, Symantec identified an average of 9,163 bot-infected computers per day (bot networks are increasingly used for criminal DoS-based extortion attempts), down from 10,347 in the first six months of 2005.

Among other attack trends:

• The United States was the origin of 26% of the world's bot-infected computers, the most of any country.

• Financial services was the most frequently targeted industry.

• During the last six months of 2005, the United States was the source country of 31% of attacks, the most of any country.

Vulnerability trends

In the last six months of 2005, Symantec documented 1,895 new software vulnerabilities, the largest total number of recorded vulnerabilities since 1998. Of these, 97% were considered moderately or highly severe and 79% were considered easy to exploit. Overall, Symantec documented 40% more vulnerabilities in 2005 than in 2004.

In the last six months of 2005, 69% of the vulnerabilities reported to Symantec affected Web application technologies, a 15% increase over the previous period.