Web apps new target for attacks, says report

Attackers have found a new vehicle for launching attacks targeting client-based computer systems, and traditional network defenses are no longer sufficient to protect against these breaches, a recent security report said.

According to the latest Internet Security Threat Report from Cupertino, Calif.-based Symantec Corp., over half of the attacks reported over the past six months infected Web application technologies. Seventy four per cent of these attacks involved exposure of confidential information such as keystroke logging software and Trojans.

The report covered the first six months of 2005 from data gathered through Symantec’s DeepSight Threat Management System and Symantec Managed Security Services. It consisted of 24,000 sensors monitoring network activity in over 180 countries.

Web-based applications are increasingly becoming easy targets for attackers because they rely on a Web-browser for user interface, said Dean Turner, senior manager for Symantec security response. Web browsers are available over commonly used protocols, such as HTTP, and are usually allowed to pass through network security perimeters.

“Attackers know that enterprises are putting measures in place to stop them from getting in at the network level [so they] have shifted their focus to the types of traffic that are allowed through those network,” Turner said.

The report also found that attackers are getting increasingly motivated by financial gains through identity theft, extortion and fraud.

New threats, according to the report, will be dominated by bot networks, customizable modular malicious code, and attacks on Web applications and Web browsers. Symantec noted an increase of over 100 per cent in bot network attacks, affecting 10,352 computers per day.

“It is reasonable to assume that as the financial rewards increase, attackers will develop more sophisticated and stealthier malicious code that will attempt to disable antivirus, firewalls and other security measures,” the report said.

The report also found increased denial-of-service attacks from an average of 119 per day to 927 per day during the January to June reporting period. This represents a 680 per cent increase over the previous reporting period.

While the period of vulnerability – the time between a vulnerability disclosure and the release of an associated patch – has been continuously decreasing over time, the period in which a related exploit is launched has also decreased from 6.4 days to 6 days.

On average, it takes 54 days from the time a vulnerability is discovered until a patch is released, leaving companies and consumers unprotected for an average of 48 days.

Symantec recorded over 1,800 new vulnerabilities during the six-month period, an increase of 31 per cent over the previous reporting period.

Spam remains to be a big problem, making up 61 per cent of all e-mail traffic during the six-month reporting period. Spam serves as a perfect vehicle for viruses, worms, Trojans, and phishing, said Turner.

Companies need to be protected from end-to-end, he said. “It is not only important to have anti-virus, firewalls and intrusion detection at the edge of your network. It is also increasingly important to have that on the desktop so [when] an incident occurs, you have another layer of security at the desktop.”

Turner also stressed companies should have a back-up and storage strategy that is offsite so when an attack does become successful, companies could minimize losses by having the capability to retrieve lost data.

Related links:

Symantec report sparks safe-browser debate

Mobile Trojan targets PCs too

Related Download
3 reasons why Hyperconverged is the cost-efficient, simplified infrastructure for the modern data center Sponsor: Lenovo
3 reasons why Hyperconverged is the cost-efficient, simplified infrastructure for the modern data center
Find out how Hyperconverged systems can help you meet the challenges of the modern IT department. Click here to find out more.
Register Now