Symantec - australia / new zealand
 global sites
products
purchase
service and support
security updates
downloads
about symantec
search
feedback


© 1995-2006 Symantec Corporation.
All rights reserved.
Legal Notices
Updated Privacy Policy
press centre

Symantec Internet Security Threat Report Sees Sharp Increase in Reported Vulnerabilities But Drop In Overall Attack Activity

Report Also Indicates Increased Danger of Blended Threats

SYDNEY --NSW - February 4, 2003 -- Symantec, the world leader in Internet security technology, today released its global Internet Security Threat Report, which provides the most comprehensive analysis of trends in cyber security activity. The report is the result of analysis of more than 30 terabytes of data and covers network-based attack activity, vulnerability discovery, and malicious code.

For the first time, Symantec reports that the level of total cyber attack activity has decreased, falling six per cent in the second half of 2002. The report also found that damage caused by recent blended threats, such as Opaserv, was considerably less than that caused by old threats, such as Code Red. Mixed with the encouraging news, Symantec also documented 2,524 new vulnerabilities in 2002, an increase of 81.5 per cent over 2001. Symantec believes that the possibility of future, high impact, blended threats continues to represent one of the greatest risks to the Internet community.

"Symantec's Internet Security Threat Report, which is based on empirical analysis of the world's largest repository of security data, is the most reliable source of emerging trends in cyber security," said Amit Yoran, vice president, Symantec Managed Security Services. "This report provides CxOs and IT administrators with benchmarks and guidance to evaluate the effectiveness of their current and future security strategies."

Evidence gathered from monitoring malicious code outbreaks and cyber attack activity indicates that blended threats present one of the most substantial and potentially costly threats to the Internet community and the most damaging threats exploited vulnerabilities for which vendors had created patches long before the threat emerged.

"The time delay between a vulnerability discovery and its first use in a blended threat, coupled with the rising number of highly severe vulnerabilities, reinforces the need for companies to improve their security configuration and patch management practices," said John Donovan, Symantec Managing Director, Asia Pacific.

Mr Donovan also noted that the report highlighted a very high level of attacks being launched from the Asia Pacific region. "Eighty per cent of all Internet attacks were launched from computers located in only ten countries and the tier one list of attacking countries included South Korea, Taiwan, Hong Kong and China. In fact Korea topped this list and one possible explanation is the high broadband penetration which makes it an attractive launch point for attackers throughout the world. This is a very good reminder of how important Internet security is for home computers as well as corporates."

Additional key findings include:

Cyber Attack Trends

  • Eighty-five per cent of all attacks reported during the past six months were classified as pre-attack reconnaissance, while the remaining 15 per cent were classified as various forms of exploitation attempts.
  • Excluding worm and blended threat activity, companies averaged 30 targeted attacks per company per week over the past six months, as compared to 32 attacks per company per week during the prior six-month period.
  • Power and Energy companies show the highest rate of both attack activity and severe event incidence. In addition, the Financial Services sector experienced an elevation in overall attack volume and severe event incidence.
  • As a country's Internet usage grows, the potential for compromise grows; this is illustrated by the rise in incidents from countries like South Korea, where incident reports grew 62 per cent over the previous six-month period.

Vulnerabilities Trends

  • Moderate and high severity threats drove the growth of new vulnerabilities.
  • The relative ease with which attackers are able to exploit new vulnerabilities remained unchanged over the past year. Approximately 60 per cent of all new vulnerabilities could be easily exploited either because the vulnerability did not require the use of exploit code or because the required exploit code was widely available. However, of the subset of vulnerabilities that required the use of exploit code, only 23.7 per cent actually had exploit code available in 2002, as compared with 30 per cent in 2001.

Malicious Code Trends

  • Blended threats, continued to constitute the most frequently reported threat. Blended threats combine the characteristics of viruses, worms, Trojan horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack.
  • Blended threat submissions were approximately twice as high as in the same six-month period of 2001.
  • Eighty per cent of all malicious code submissions were caused by only three blended threats: Klez, Opaserv, and Bugbear. Further, 78 per cent of all cyber attack activity detected by Symantec was related to both old and recent blended threats.

About Symantec's Internet Security Threat Report
Insights in the Internet Security Threat Report are drawn from Symantec's breadth of world-leading resources. Cyber attack trends are drawn from the analysis of attack data collected in real time from a subset of thousands of intrusion detection systems and firewalls. These sensors are deployed in more than 40 countries as part of the Symantec's Worldwide Managed Security Services Operations. Vulnerability trends are based on statistical analysis of Symantec Response Team's extensive vulnerability database, which houses more than 6,000 vulnerabilities affecting more than 13,000 distinct products. Finally, malicious code trends are based on analysis of information generated by Symantec Response Team's Digital Immune System, which draws submitted virus data from more than 100 million antivirus products.

Symantec's Internet Security Threat Report is available on its Web site at www.symantec.com.

About Symantec
Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 38 countries. For more information, please visit www.symantec.com.au

NOTE TO EDITORS: Symantec and the Symantec logo are trademarks or registered trademarks, in the United States and certain other countries, of Symantec Corporation. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.