CYBERSPACE — In a report detailing trends in internet security, Symantec observes that the United States remains the biggest source of online attacks, accounting for more than 31-percent of all “malicious activity” that took place between July and December of 2006.According to the report, China ranks second for malicious activity overall, contributing 10-percent of the total, followed by Germany (7-percent), France, the United Kingdom and South Korea (4-percent each).
In addition to the overall rank, each country is ranked according to a variety of individual areas, including ranks for “Malicious Code,” “Spam Host,” “Command and Control Server,” “Phishing Host,” “Bot” and “Attack.” In all but one of these categories, the report gives the U.S. the #1 spot; the exception is the bot rank, where the U.S. is #2, behind #1 China.
In the report, Symantec states that over the past two reporting periods, researchers have “observed a fundamental shift in Internet security activity.”
“The current threat environment is characterized by an increase in data theft and data leakage, and the creation of malicious code that targets specific organizations for information that can be used for financial gain,” Symantec states in its report.
Among other things, Symantec researchers observed that rather than exploit “high-severity vulnerabilities” via a direct attack, attackers are now “discovering and exploiting medium-severity vulnerabilities in third-party applications, such as Web applications and Web browsers.”
“Those vulnerabilities are often used in ‘gateway’ attacks, in which an initial exploitation takes place not to breach data immediately, but to establish a foothold from which subsequent, more malicious attacks can be launched,” the report states.
Other attack trends highlighted in the Symantec report:
• The “government sector” accounted for more identity theft-related data breaches than any other sector, and accounted 25-percent of all such breaches.
• Microsoft’s Internet Explorer was the target of 77-percent of all attacks that specifically targeted browser vulnerabilities.
• Home users were the most frequently targeted user population, accounting for 93-percent of all targeted attacks.
• The city of Beijing has the most bot-infected computers of any city in the world, accounting for over 5% of the worldwide total.
• 86-percent of the credit and debit cards “advertised for sale on underground economy servers known to Symantec” were issued by banks in the United States.
The report’s key findings for vulnerability trends include:
• For the reporting period, Symantec classified 4-percent of all vulnerabilities “high severity,”
69-percent were “medium severity,” and 27-percent “low severity.”
• 66-percent of vulnerabilities disclosed during the reporting period affected Web applications.
• 79-percent of all vulnerabilities documented during the reporting period are considered “easily exploitable.”
• 94-percent of all easily exploitable vulnerabilities disclosed during the second half of 2006 could be exploited remotely.
The trends for malicious codes identified in the report include:
• Of the top 10 new “malicious code families” detected in the period covered by the report, five were Trojans, four were worms, and one was a virus.
• Worms accounted for 52-percent of malicious code threats, down from 75-percent in the previous reporting period.
• The volume of Trojans in the top 50 malicious code samples reported to Symantec increased from 23 percent to 45 percent.
• Trojans accounted for 60-percent of the top 50 malicious code samples when measured by potential infections.
For more information, see the full Symantec report, located here: http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport
