The number of security holes poked in computer software may be leveling off as vendors scramble to make their products more secure, but the vulnerabilities that are found these days — despite these efforts — are more severe. New vulnerabilities increasingly are being leveraged to attack companies and consumers with worms that threaten confidentiality and privacy, according to Symantec’s latest “Internet Security Threat Report.”
The antivirus and security giant — which compiles its report by tabulating customer response and threat-management sensors that monitor attack activity around the globe — said software attacks are aiming increasingly at core components of the widely used Windows operating system from Microsoft, as well as the company’s leading Internet Explorer browser.
Symantec security officials also pointed to the continued use of advancing, blended threats — malicious code that has multiple ways of infecting, spreading, disrupting or stealing — and worms, which now make up the bulk of attack methods.
“One of the trends that is most alarming is the number of blended threats that attack back doors left by other blended threats,” Symantec lead global security architect Tony Vincent told TechNewsWorld. “The number of leave-behinds and back doors is growing,” he added, referring to the recent MyDoom worm and follow-ups DoomJuice and DeadHat.
Worm Worries Rise
Symantec indicated that while only one in six companies reported serious security breaches in the first half of 2003, that ratio rose to half of companies during the second half of last year, which could indicate corporate systems increasingly are coming under attack.
Symantec credited the rise to successful worms, such as Blaster, which leveraged the core Remote Procedure Call protocol in Windows to infect thousands of machines. Symantec reported that nearly one-third of all attacking systems targeted the same RPC vulnerability in the latest reporting period.
The security company also singled out financial services, healthcare and power-and-energy as among the industries hardest hit by severe security attacks.
Ken Dunham, iDefense director of malicious code, told TechNewsWorld that attackers and virus writers are constantly developing worm technology and increasingly using it to carry out country- or company-specific attacks.
Vital Info Vulnerable
Key among other troubling findings from the report was a huge spike in threats to privacy and confidentiality, which affects both home and enterprise users, according to Symantec’s Vincent. The company reported that during the second half of 2003, there was 519 percent growth in the volume of such submissions within the top 10 malicious code rankings compared with the year’s first half.
“Another alarming trend is the dramatic increase in threats that specifically target confidential data, such as passwords, credit cards and license keys,” Vincent said.
Symantec said that while older threats compromised confidentiality by exporting random documents, more recent viruses and blended threats also steal passwords, decryption keys and logged keystrokes.
Gaps Not Getting Worse
Vincent said the bright news in the latest Symantec threat report is that after a speed-up in the rate and number of vulnerability discoveries in the past few years, the number of security holes being uncovered appears to be slowing.
“The silver lining is the rate of that new vulnerability finding has leveled off,” Vincent said. “Still, seven new vulnerabilities per day and having to determine what is critical and dealing with patching is still a pretty onerous task, but the good news is the rate at which it’s getting worse is not getting worse.”
Nevertheless, Symantec said the severity of vulnerabilities — rated on impact, remote exploitability, authentication and availability — is on the rise, while the time between announcement of a security hole and release of an associated exploit is still shrinking.
Targeting Core, Explorer
Reporting that more than 70 percent of tenured Symantec customers avoided any severe attacks, the company said threats targeting “core Windows components,” such as Blaster with the RPC hole, are more widespread than the server-targeting network worms of the past. The result, Symantec said, is a much higher density of vulnerable systems.
At the same time, the widely used Internet Explorer browser is increasingly the basis for client-side attacks, which are rising along with the number of vulnerabilities.
“That’s troubling again because it’s on almost every box,” Vincent said. “The sheer quantity makes it a concern. The fact that all you have to do is coax someone to a Web site to infect them; that’s troubling.”