Severe increase in ‘severe’ security attacks

Security software vendor Symantec has reported a slight decline in the number of network-based attacks during the second half of 2002 compared to the first half of the year – but this is no reason for complacency, the company warns.

Overall, says Symantec’s report, IT security threats remain “substantial and constantly evolving”, and moreover, their growing sophistication has increased the threat of compromise “for companies that do not make use of appropriate countermeasures”.

Excluding worm activity, the rate of network-based attacks was 6% lower in the latter half of 2002 compared to the rate recorded during the first six months of the year.

Similarly, the ‘severe event’ incidence rate during the second half of 2002 was slightly lower than the rate recorded during the prior six-month period. According to Symantec’s survey, 21% of companies suffered at least one severe event

 
 

Sources of network-based attacks during the second half of 2002
Source: Symantec
 

during the latter half of 2002, compared to 23% in the six-month period up to July 2002. Symantec defines a severe attack as one that involves “sequences of attack activity that have either caused a security breach on a company’s network or present an immediate danger of a security breach if intervention is not taken.”

However, Symantec documented 2,524 new vulnerabilities during 2002 – an 81.5% increase over 2001, and this increase in vulnerabilities was notable for a sharp rise in vulnerabilities defined as ‘moderately severe’ and ‘highly severe’.

In particular, so-called ‘blended threats’ – such as the 2002 Bugbear and Klez attacks that combined email viruses with other malicious code – pose the biggest threat to IT systems. Bugbear, Klez and the lesser-known Opaserv worm alone accounted for nearly four-fifths of malicious code submissions to Symantec in the second-half of 2002.

In addition, many organisations continue to be afflicted by older blended threats, including the infamous Code Red and Nimda attacks of 2001.

In regional terms, the main originator – and target – of network-based attacks is the United States. But the number of attacks coming from South Korea is growing quickly as a result of a fast roll-out of broadband Internet in that region. Eastern Europe is also an increasing source of attacks, particularly Poland, the Czech Republic and Slovakia, as well as the Baltic states and Romania.

However, Symantec, whose report monitors 18,000 devices in 180 countries, says it recorded no verifiable cases of cyber terrorism during the last six months of 2002, adding that less than 1% of all attack activity emanated from countries on the cyber-terrorist watch list.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics