2006 in Review
The countdown to December 31 has begun. As 2006 comes to a close, it’s important to review the significant trends and issues observed by Symantec Security Response over the past year. Some of these may relate to what we can expect to see in the New Year.
First and foremost, throughout 2006 we identified that online fraud has steadily increased and become even more sophisticated. Much of the online fraud activity we’ve seen has been in the form of phishing – approximately seven million total phishing attempts each day. That’s a lot of cybercriminals on the hunt for your personal information! We have also witnessed phishers innovating beyond the traditional online scam where they may distribute tens of thousands of emails hoping to trick one of you lucky individuals. Today, we are seeing fraudsters embrace new techniques such as vishing and SMishing to solicit and obtain your confidential information. See Zulfikar Ramzan’s blog Phishing 2006: The Year in Review.
It should be no surprise to anyone that during 2006, we saw an increase in the number of zero-day exploits, a trend that indicates attackers are becoming more methodical in their discovery and exploitation of software vulnerabilities. Zero-day exploits have also expanded beyond Microsoft Office – you may remember two zero-day exploits affecting Ichitaro, a Japanese word processing program earlier this year. It’s fair to say vendors are steadily improving the development and release of software fixes to patch these vulnerabilities; however, the reality is that attackers, on average, develop exploits faster than vendors develop patches. This leaves a lot of uncertainty for the average user because according to the most recent Internet Security Threat Report, the average time to develop a patch was 31 days and the average time to develop exploit code was three days. This leaves a 28 day window of exposure and, more importantly, affected systems at great risk for attack.
The most important lesson for 2006 is that aggressive threats are the future. Symantec Security Response observed more mainstream adoption of threats such as polymorphics and rootkit technologies, one of the toughest threats out there. Rootkits may be the minority now, but they are becoming increasingly more common, especially when compared to how sparse they were only 12 months ago. We believe with their deep roots, undetectable presence on a machine, and ability to take action without end users’ consent or knowledge, they are bound to be the threat of the future! See Mimi Hoang’s blog Rustock: Deep Dive.
As in years past, the threat landscape will continue to morph and evolve into an environment that’s unknown; therefore requiring the most effective security solutions. Evasive, stealthy, and aggressive Internet behavior is on the rise and the speed of a security vendor alone is not enough. It’s a vendor’s ability to catch the tough, tricky threats in a timely manner that really counts.