The Symantec Internet security threat report

Earlier today, I downloaded the Eighth Edition of the Symantec Internet Security Threat Report. Published twice a year, this report highlights trends in the Internet security space. The following list covers some of the key findings (according to Symantec).

Vulnerability trend highlights:

  • Symantec documented 1,862 new vulnerabilities, the highest number since Symantec started tracking vulnerabilities in six-month increments.
  • The time between the disclosure of a vulnerability and the release of an associated exploit was 6.0 days.
  • The average patch-release time for the past 6 months was 54 days. This means that, on average, 48 days elapsed between the release of an exploit and the release of an associated patch.
  • 97% of vulnerabilities were either moderately or highly severe.
  • 73% of reported vulnerabilities this period were classified as easily exploitable.
  • 59% of vulnerabilities were associated with web application technologies.
  • 25 vulnerabilities were disclosed for Mozilla browsers and 13 for Microsoft Internet Explorer.

Attack trend highlights:

  • For the fourth consecutive reporting period, the Microsoft SQL Server Resolution Service Stack Overflow Attack was the most common attack, accounting for 33% of all attacks.
  • Symantec sensors detected an average of 57 attacks per day.
  • TCP port 445, commonly implemented for Microsoft file and printer sharing, was the most frequently targeted port.
  • Symantec identified an average of 10,352 bots per day, up from 4,348 in December 2004.
  • On average, the number of denial of service (DoS) attacks grew from 119 to 927 per day, an increase of 679% over the previous reporting period.
  • 33% of Internet attacks originated in the United States, up from 30% last period.
  • Between January 1 and June 30, 2005, education was the most frequently targeted industry followed by small business.

Malicious code trend highlights:

  • Symantec documented more than 10,866 new Win32 virus and worm variants, a 48% increase over the second half of 2004 and a 142% increase over the first half of 2004.
  • For the second straight period, Netsky.P was the most reported malicious code sample. Gaobot and Spybot were the second and third most reported, respectively.
  • Malicious code that exposes confidential information represented 74% of the top 50 malicious code samples received by Symantec.
  • Bot-related malicious code reported to Symantec made up 14% of the top 50 reports.
  • 6,361 new variants of Spybot were reported to Symantec, a 48% increase over the 4,288 new variants documented in the second half of 2004.

Additional security risks:

  • Adware made up 8% of the top 50 reported programs, up from 5% in the previous reporting period.
  • Eight of the top ten adware programs were installed through web browsers.
  • Six of the top ten spyware programs were bundled with other programs and six were installed through web browsers.
  • Of the top ten adware programs reported in the first six months of 2005, five hijacked browsers.
  • Messages that constitute phishing attempts increased from an average of 2.99 million per day to approximately 5.70 million messages.
  • Spam made up 61% of all email traffic.
  • 51% of all spam received worldwide originated in the United States.

Some interesting (and some frankly frightening) statistics there. Definitely worth a read for any network administrator or IT manager.
