Earlier today, I downloaded the Eighth Edition of the Symantec Internet Security Threat Report. Published twice a year, this report highlights trends in the Internet security space. The following list highlights some of the key findings (according to Symantec).
Vulnerability trend highlights:
- Symantec documented 1,862 new vulnerabilities, the highest number since Symantec started tracking vulnerabilities in six-month increments.
- The time between the disclosure of a vulnerability and the release of an associated exploit was 6.0 days.
- The average patch-release time for the past 6 months was 54 days. This means that, on average, 48 days elapsed between the release of an exploit and the release of an associated patch.
- 97% of vulnerabilities were either moderately or highly severe.
- 73% of reported vulnerabilities this period were classified as easily exploitable.
- 59% of vulnerabilities were associated with web application technologies.
- 25 vulnerabilities were disclosed for Mozilla browsers and 13 for Microsoft Internet Explorer.
Attack trend highlights:
- For the fourth consecutive reporting period, the Microsoft SQL Server Resolution Service Stack Overflow Attack was the most common attack, accounting for 33% of all attacks.
- Symantec sensors detected an average of 57 attacks per day.
- TCP port 445, commonly implemented for Microsoft file and printer sharing, was the most frequently targeted port.
- Symantec identified an average of 10,352 bots per day, up from 4,348 in December 2004.
- On average, the number of denial of service (DoS) attacks grew from 119 to 927 per day, an increase of 679% over the previous reporting period.
- 33% of Internet attacks originated in the United States, up from 30% last period.
- Between January 1 and June 30, 2005, education was the most frequently targeted industry followed by small business.
Malicious code trend highlights:
- Symantec documented more than 10,866 new Win32 virus and worm variants, a 48% increase over the second half of 2004 and a 142% increase over the first half of 2004.
- For the second straight period, Netsky.P was the most reported malicious code sample. Gaobot and Spybot were the second and third most reported, respectively.
- Malicious code that exposes confidential information represented 74% of the top 50 malicious code samples received by Symantec.
- Bot-related malicious code reported to Symantec made up 14% of the top 50 reports.
- 6,361 new variants of Spybot were reported to Symantec, a 48% increase over the 4,288 new variants documented in the second half of 2004.
Additional security risks:
- Adware made up 8% of the top 50 reported programs, up from 5% in the previous reporting period.
- Eight of the top ten adware programs were installed through web browsers.
- Six of the top ten spyware programs were bundled with other programs and six were installed through web browsers.
- Of the top ten adware programs reported in the first six months of 2005, five hijacked browsers.
- Messages that constitute phishing attempts increased from an average of 2.99 million per day to approximately 5.70 million messages.
- Spam made up 61% of all email traffic.
- 51% of all spam received worldwide originated in the United States.
Some interesting (and some frankly frightening) statistics there. Definitely worth a read for any network administrator or IT manager.