Internet threats take on new hue

The daily volume of Internet attacks dropped off in the first half of this year, and the rate at which new vulnerabilities are being reported appears to have hit a plateau, according to Symantec Corp.'s latest threat report.

Despite the relative lull in attacks, the Cupertino, Calif., company's biannual Internet Security Threat Report noted a troublesome shift in hacker activity.

From January through June, there was a sharp increase in bot networks. The number of these remotely controlled networks of compromised computers jumped from fewer than 2,000 to more than 30,000, Symantec noted in the report released today.

"We're effectively seeing a land grab" as hackers scramble to take control of as many vulnerable systems as possible, said Brian Dunphy, director of global analysis for Symantec managed security services.

The Symantec report is an analysis of security incidents observed on 20,000 devices deployed by the company's DeepSight Threat Management System and managed security services.

Hackers typically use bot networks as platforms for scanning other systems for vulnerabilities and for launching attacks. The use of compromised zombie computers can help hide the source of probes and attacks. They also can multiply the impact of an attack and be used to send spam.

There appears to be a change in motives for launching attacks, Dunphy said. Bragging rights and notoriety no longer seem to be the primary reasons.

"We have seen more of a shift to financial gain," he said.

This shift appears to be borne out by the number of online businesses targeted by hackers in the first half of 2004. Customer lists for these businesses can be sources of personal information and credit card numbers.

Online businesses were the single most frequent targets for attacks during the last six months, accounting for 16 percent. This is up from just 4 percent the previous six months.

The pressure on systems administrators and end users to patch security vulnerabilities continues to increase. Symantec documented 1,237 new reported vulnerabilities -- that's an average of 48 per week for the first half of the year.

Although this number is down slightly from the previous six months, the average time between the announcement of a vulnerability and the appearance of code to exploit it has shrunk to less than six days.

"You can't go patching command and control systems in 5.8 days without risking leaving troops somewhere in the world unsupported," Dunphy said.

The alternative is to accept and manage a level of risk from vulnerabilities while patches are tested and validated. This includes building tolerance and redundancy into systems, layering defenses from the service provider down to the server, and leveraging third-party expertise by outsourcing appropriate functions.

About the Author

William Jackson is a Maryland-based freelance writer.
