Symantec Internet Security Threat Report Sees Sharp Increase in Reported Vulnerabilities But Drop in Overall Attack Activity
Report Also Indicates Increased Danger of Blended Threats
SINGAPORE -- February 10, 2003 -- Symantec, the world leader in Internet security technology, today released its global Internet Security Threat Report, which provides the most comprehensive analysis of trends in cyber security activity. The report is the result of analysis of more than 30 terabytes of data and covers network-based attack activity, vulnerability discovery, and malicious code.
For the first time, Symantec reports that the level of total cyber attack activity has decreased, falling 6 percent in the second half of 2002. The report also found that damage caused by recent blended threats, such as Opaserv, was considerably less than that caused by old threats, such as Code Red. Mixed with the encouraging news, Symantec also documented 2,524 new vulnerabilities in 2002, an increase of 81.5 percent over 2001. Symantec believes that the possibility of future, high impact, blended threats continues to represent one of the greatest risks to the Internet community.
"Symantec's Internet Security Threat Report, which is based on empirical analysis of the world's largest repository of security data, is the most reliable source of emerging trends in cyber security," said Amit Yoran, vice president, Symantec Managed Security Services. "This report provides CxOs and IT administrators with benchmarks and guidance to evaluate the effectiveness of their current and future security strategies."
Evidence gathered from monitoring malicious code outbreaks and cyber attack activity indicates that blended threats present one of the most substantial and potentially costly threats to the Internet community, and that the most damaging threats exploited vulnerabilities for which vendors had created patches long before the threat emerged.
"The time delay between a vulnerability discovery and its first use in a blended threat, coupled with the rising number of highly severe vulnerabilities, reinforces the need for companies to improve their security configuration and patch management practices," said Garry Sexton, Symantec's Asia Pacific Vice President.
Mr Sexton also noted that the report highlighted a very high level of attacks being launched from the Asia Pacific region. "Eighty percent of all Internet attacks were launched from computers located in only 10 countries and the tier one list of attacking countries included South Korea, Taiwan, Hong Kong and China. In fact Korea topped this list and one possible explanation is the high broadband penetration which makes it an attractive launch point for attackers throughout the world. This is a very good reminder of how important Internet security is for home computers as well as corporates."
Additional key findings include:
Cyber Attack Trends
- Eighty-five percent of all attacks reported during the past six months were classified as pre-attack reconnaissance, while the remaining 15 percent were classified as various forms of exploitation attempts.
- Excluding worm and blended threat activity, companies averaged 30 targeted attacks per company per week over the past six months, as compared to 32 attacks per company per week during the prior six-month period.
- Power and Energy companies show the highest rate of both attack activity and severe event incidence. In addition, the Financial Services sector experienced an elevation in overall attack volume and severe event incidence.
- As a country's Internet usage grows, the potential for compromise grows; this is illustrated by the rise in incidents from countries like South Korea, where incident reports grew 62 percent over the previous six-month period. * Additional Asia Pacific findings are attached.
Vulnerability Trends
- Moderate and high severity threats drove the growth of new vulnerabilities.
- The relative ease with which attackers are able to exploit new vulnerabilities remained unchanged over the past year. Approximately 60 percent of all new vulnerabilities could be easily exploited either because the vulnerability did not require the use of exploit code or because the required exploit code was widely available. However, of the subset of vulnerabilities that required the use of exploit code, only 23.7 percent actually had exploit code available in 2002, as compared with 30 percent in 2001.
Malicious Code Trends
- Blended threats continued to constitute the most frequently reported threat. Blended threats combine the characteristics of viruses, worms, Trojan horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack.
- Blended threat submissions were approximately twice as high as in the same six-month period of 2001.
- Eighty percent of all malicious code submissions were caused by only three blended threats: Klez, Opaserv, and Bugbear. Further, 78 percent of all cyber attack activity detected by Symantec was related to both old and recent blended threats.
About Symantec's Internet Security Threat Report
Insights in the Internet Security Threat Report are drawn from Symantec's breadth of world-leading resources. Cyber attack trends are drawn from the analysis of attack data collected in real time from a subset of thousands of intrusion detection systems and firewalls. These sensors are deployed in more than 40 countries as part of Symantec's Worldwide Managed Security Services Operations. Vulnerability trends are based on statistical analysis of Symantec Response Team's extensive vulnerability database, which houses more than 6,000 vulnerabilities affecting more than 13,000 distinct products. Finally, malicious code trends are based on analysis of information generated by Symantec Response Team's Digital Immune System, which draws submitted virus data from more than 100 million antivirus products.
Symantec's Internet Security Threat Report is available on its Web site at www.symantec.com.
About Symantec
Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 38 countries. For more information, please visit www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site.
Symantec and the Symantec logo are trademarks or registered trademarks, in the United States and certain other countries, of Symantec Corporation. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.
SYMANTEC'S TOP 10 VIRUS SECURITY THREATS FOR JANUARY 2003
Symantec, the world leader in Internet Security, releases monthly intelligence reports which list, in order of severity, the most prolific viruses in Asia Pacific:
| Rank | ASIA PACIFIC TOP TEN VIRUS THREATS | GLOBAL TOP TEN VIRUS THREATS |
|---|---|---|
| 1. | HTML.Redlof.A | W32.Klez.H@mm |
| 2. | W32.Klez.H@mm | W32.Sobig.A@mm |
| 3. | W32.Yaha.K@mm | W32.Yaha.K@mm |
| 4. | W32.Sobig.A@mm | HTML.Redlof.A |
| 5. | W32.Bugbear@mm | W32.Bugbear@mm |
| 6. | W32.Lirva.A@mm | W32.Lirva.A@mm |
| 7. | W95.Spaces.1445 | W95.Hybris.worm |
| 8. | W32.FunLove.4099 | W95.Spaces.1445 |
| 9. | W95.Hybris.worm | W32.FunLove.4099 |
| 10. | W32.Nimda.E@mm | W32.Nimda.E@mm |
Analysis of the January data by David Banes, Regional Manager, Symantec Security Response, Asia Pacific:
"HTML.Redlof.A is a virus that infects html, which is a common format for web pages and email. Even though it was discovered in April of 2002, it is still at the top of our virus list for this month in Asia Pacific. This is the only virus in the list that infects html files, while the other viruses all infect Windows programs.
Many of the viruses listed in this top ten for January have been around for some time, including Klez, Bugbear, Yaha, and Nimda. Internet users need to update their antivirus definitions to ensure that they are protected from these ongoing threats."
The W32.SQLExp.Worm (Spammer) discovered in January will not be listed in any top 10 virus list as it does not replicate via files so is not submitted to antivirus vendors for analysis. To find out further information on this new worm, please visit http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.html
For further information regarding these threats, please visit the Symantec Security Response: http://securityresponse.symantec.com/