Two reports are out this week on the State of the Union security-wise, and, as you might have expected, there is some divergence in the conclusions. They’re also complementary in a way, and the pair gives a clearer picture of the security battlefield.
Symantec Corp. took the wraps off its twice-yearly Internet Security Threat Report at 12:01 a.m. Monday. IBM Internet Security Systems chipped in with its two cents later in the day.
There are some things on which the two reports agree; first and foremost that the black hats are becoming more professional and profit-oriented. “There’s money to be made in the attacks today,” Michael Murphy, GM of Symantec Canada, told journalists and analysts at an embargoed briefing on Friday.
There’s also a growing element of commercialization of the malware market. “The majority of attacks today are generated by tool kits you can buy,” Murphy said. MPack, for example, is a $1,200 phishing tool kit which compromises legitimate Web sites and redirects traffic to an MPack Server, which downloads a “small, modular threat” to the user’s system.
Further to the commercialization point, IBM Internet Security Systems’ X-Force R&D team points to a burgeoning “exploits as a service” industry (and coins the rather innocuous title of “managed exploit provider”). And the MEPs have added a leasing element, allowing malware perps to test exploits for less upfront – a sort of “try before you buy” arrangement.
The two agree that Trojans are the predominant Internet threat this year. Worms and viruses are passé, particularly in Canada where, Murphy says, ISPs have taken it upon themselves to do something about the problem. Of the Top 10 exploits catalogued by Symantec, Murphy said, seven – including Nos. 1 through 6 – are Trojans. The other three are back doors. For its part, X-Force said Trojans accounted for 28 per cent of all malware.
And the sheer volume of malware is making the current security regimen sag at the shoulders. With more than 600,000 attacks catalogued – 212,000 of them added since January of this year – “we’re approaching a tipping point,” where there just won’t be room in antivirus databases for all of them, Murphy said. But legitimate applications are about the same in number as they were when only about 15,000 attacks had been documented. A white-list, allow-only approach may be the better one, as opposed to “an ever-growing black list.”
“I think this will be the future of security technology,” Murphy said.
A few other interesting nuggets:
• On the spam front, if you think most of your e-mail is UCE, you’re right. Symantec, monitoring from two million decoy accounts, figures 61 per cent of all e-mail is spam. Sixty per cent of that’s in English, and 47 per cent comes from the U.S. Canada dropped out of the Top 10 origin-of-spam countries. X-Force says spam message size has decreased; image-based spam is down to 30 per cent from 40 as spammers experiment with PDF- and Excel-based spam.
• Fifty-nine per cent of known phishing Web sites are located in the U.S., Symantec says. X-Force says Spain has surpassed South Korea as a source of phishing e-mail, accounting for 17.9 per cent.
• Israel experienced the most malicious activity per Internet user, followed by Canada and the U.S., says Symantec.
• Eighty-five per cent of credit cards stolen over the Net were issued by U.S. banks, Symantec said.
There’s more juicy malware info at the companies’ sites. Symantec’s ISTR is here (http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport), and you can find X-Force’s report here (http://www.iss.net/x-force_report_images/2007).