Symantec Report: Cyber Attacks Proliferating

by CXOtoday Staff    Oct 04, 2006

Home users are more vulnerable to identity theft, fraud and financially motivated crimes. Symantec made these alarming observations in an Internet security threat report. The survey report was released today says that home users account for 86 per cent of all targeted attacks, followed by businesses. A majority of these attacks are aimed at client side applications.

Yet another startling finding of the report mentions attackers use of a variety of techniques to escape detection. The attackers can prolong their stay in the system to steal information, hijack computers and even compromise confidential information, it warns.

SURVEY FINDINGS:

The attackers target malicious codes in web browsers, e-mails and other desktop applications and break into the best practices and in-depth securities adopted by software vendors and enterprises.

Symantec has documented 69 per cent vulnerabilities affecting web applications in the first half of 2006 itself. 47 of these vulnerabilities were documented among Mozilla browsers (as against 17 in the corresponding period last year), 38 in the Microsoft Internet Explorer (25) and 12 in Apple Safari.

The report reveals that 18 per cent of all malicious code samples detected this time were not seen before. Phishers bypassed filtering technologies using multiple randomized messages and distributing messages in a broad uncontrolled fashion.

The financial service sector was the most heavily phished, the survey report says. It accounted for 84 percent of phishing sites tacked by the Symantec Phish Report Network and Brightmail AntiSpam. Symantec documented 2,249 vulnerabilities in the first half of 2006.

Spam, at 54 per cent witnessed an increase of four percent in the monitored e-mail traffic as against 50 per cent last year. Symantec identified more than 4.6 million distinct active bot network computers (an average of 57,717 active bot network computers per day) and an average 6,110 DoS attacks per day.

Malware-modular malicious code was used to update or download aggressive threats and expose sensitive information. It accounted for 79 per cent of the top 50 malicious codes reported to Symantec.

Sun had the longest patch release time of 89 days followed by HP with 53 days. Apple’s patch release period was 37 days (average) and the patch release period for Red Hat and Microsoft was 13 days.

The attackers used misleading application or exaggerated reports for security threats persuade the user to cough off more money in three of the 10 top new security risks.

The denial of service (DoS) attacks targeted the United States the most, accounting for 54 per cent of the worldwide total. The Internet Service Provider sector was also the most targeted by DoS attacks, the report states.