Denial of service (DoS) attacks, bot networks, physing, and spam are on the rise, presaging a shift in the Internet security landscape.
These and more were discussed in the Internet Security Threat Report released this month by leading security provider Symantec.
"The days of website defacements and low-level, information gathering attacks are behind us. Today, we are seeing encrypted bot networks, remotely initiated database breaches, sophisticated physing scams, and customized malicious code targeting specific companies. As threats have evolved, so, too, has the job of tracking and reporting on them," said Dean Turner, executive editor of Symantecs Internet Security Threat Report (Volume X).
But the shift in the so-called Internet threat landscape did not happen overnight. Previous Internet threat reports prepared by Symantec chronicled this gradual shift.
What the report is saying is that as the Internet and computer technology evolved, so did hacker activities. As defenses were fortified, attackers changed tactics in penetrating the network "from low-profile network-based attacks to high-level, more focused breaches on client-side applications."
Symantec noted, too, the gradual shift in the motive that sustains underground computer activity "from simply demonstrating technical prowess to the pursuit of financial gain."
The report documented and analyzed Internet threats from Jan. 1 to June 30 this year, the 10th report to be published by the security firm in the last four years.
"Utilizing a team of more than 1,600 dedicated security analysts around the globe, the Internet Security Threat Report has become much more than just a collection of facts and figures. It has become an invaluable tool in helping enterprise organizations, small businesses, and consumers to make sense of the ever-changing threat landscape and secure their systems accordingly," Turner said.
Among the key findings were:
Microsoft Internet Explorer was the most frequently targeted Web browser, accounting for 47 percent of all Web browser attacks;
There was an average of 6,110 DoS attacks per day and the United States was the target of most of these attacks, accounting for 54 percent of the worldwide total, while China had the highest number of bot-infected computers during the first half of 2006, accounting for 20 percent of the global total.
Another very important finding is that the home user sector was the most highly targeted sector, accounting for 86 percent of all targeted attacks, followed by the financial services, government, education, information technology, and healthcare sectors.
According to the report, Symantec also documented 2,249 new vulnerabilities, up 18 percent from the second half of 2005, the highest level ever recorded for a six-month period.
Most importantly, Web application vulnerabilities made up 69 percent of all vulnerabilities.
According to Symantec, these have implications on the overall security issues in the enterprise.
In contrast to previously observed widespread, network-based attacks, attackers today tend to be more focused, often targeting client-side applications.
"As vendors and enterprises have adapted to the changing threat environment by implementing best security practices and in-depth defense strategies, attackers have begun to adopt new techniques. In part, this has resulted in more targeted malicious code and targeted attacks aimed at client-side applications, such as Web browsers, e-mail clients, and other applications," the report said.
These applications, it added, are used to communicate over networks and may also include programs such as word processing or spreadsheet programs.
Symantecs top 10 new security risks fall under the category of "misleading applications," which it defines as "applications that give false or exaggerated reports of security threats to persuade users to pay money to purchase software."
The application focus of threats has created a new security paradigm in the sense that aside from "targeted attacks," hackers have also devised strategies to launch attacks that propagate slowly and are slower to detect.
"Attackers," the report emphasized, "are also reverting to older, non-technical means of compromise, such as social engineering, in order to launch successful attacks."
Physing attacks, for one, have increased by as much as 81 percent compared to the first half of 2005. Symantec attributed this to the increased ability of attackers to evade or bypass filtering technologies.
The financial sector is still the most heavily "physed" for obvious reasons. "Once an attacker gains access to a targets account through one of these attacks, he or she can initiate wire transfers to remove funds, apply for loans, credit lines, or credit cards," the report said.
Spam, too, is on the rise. In the first half of 2006, spam comprised 54 percent of all monitored e-mail traffic, up from 50 percent in 2005.
While Symantec has forecast a decline of the incidence of spam in past Internet threat reports, it said the reversal indicates that spammers may have found means to circumvent anti-spam measures or bypass defenses that administrators usually put in place.
Because of the advent of wired networks, the Symantec report has tracked threats against wireless networks. Symantec holds the view that although wireless vulnerabilities are similar to the vulnerabilities of wired networks, there are susceptibilities unique to the wireless network infrastructure such as devices probing for access point, which comprise 30 percent of the attacks monitored.
The report said devices probing for an access point could compromise an organizations internal network in the sense that attackers could gain access to sensitive corporate data by "eavesdropping on network communication." It also gives attackers a launching pad for further attacks.
Other wireless threats include spoofed MAC address, unauthorized netstumbler client, roque wireless access point, unauthentication association denial of service attack, radio frequency jamming denial of service attack, and illegal 802.11 packet, among others.