2006 in Review
The countdown to December 31 has begun. As 2006 comes to a close, it’s important to review the significant trends and issues observed by Symantec Security Response over the past year. Some of these may relate to what we can expect to see in the New Year.
First and foremost, throughout 2006 we identified that online fraud has steadily increased and become even more sophisticated. Much of the online fraud activity we’ve seen has been in the form of phishing – approximately seven million total phishing attempts each day. That’s a lot of cybercriminals on the hunt for your personal information! We have also witnessed phishers innovating beyond the traditional online scam where they may distribute tens of thousands of emails hoping to trick one of you lucky individuals. Today, we are seeing fraudsters embrace new techniques such as vishing and SMishing to solicit and obtain your confidential information. See Zulfikar Ramzan’s blog Phishing 2006: The Year in Review.
It should be no surprise to anyone that during 2006, we saw an increase in the number of zero-day exploits, a trend that indicates attackers are becoming more methodical in their discovery and exploitation of software vulnerabilities. Zero-day exploits have also expanded beyond Microsoft Office – you may remember two zero-day exploits affecting Ichitaro, a Japanese word processing program, earlier this year. It’s fair to say vendors are steadily improving the development and release of software fixes to patch these vulnerabilities; however, the reality is that attackers, on average, develop exploits faster than vendors develop patches. This leaves a lot of uncertainty for the average user because, according to the most recent Internet Security Threat Report, the average time to develop a patch was 31 days and the average time to develop exploit code was three days. This leaves a 28-day window of exposure and, more importantly, affected systems at great risk for attack.
The most important lesson for 2006 is that aggressive threats are the future. Symantec Security Response observed more mainstream adoption of threats such as polymorphics and rootkit technologies, one of the toughest threats out there. Rootkits may be the minority now, but they are becoming increasingly more common, especially when compared to how sparse they were only 12 months ago. We believe with their deep roots, undetectable presence on a machine, and ability to take action without end users’ consent or knowledge, they are bound to be the threat of the future! See Mimi Hoang’s blog Rustock: Deep Dive.
As in years past, the threat landscape will continue to morph and evolve into an environment that’s unknown, therefore requiring the most effective security solutions. Evasive, stealthy, and aggressive Internet behavior is on the rise and the speed of a security vendor alone is not enough. It’s a vendor’s ability to catch the tough, tricky threats in a timely manner that really counts.