Forwarded from: Justin Lundy <jbl@private>

http://www.informationweek.com/story/showArticle.jhtml?articleID=15201000

By Gregg Keizer
TechWeb News
Oct 1, 2003

Attackers are targeting the newest security vulnerabilities, giving businesses less time to patch and protect their systems, according to a report released Wednesday by Symantec Corp.

The security vendor's twice-annual Internet Security Threat Report, which compiles data from customers as well as from more than 20,000 sensors embedded in its global DeepSight Threat analysis system, paints an ugly picture.

"This has a very fundamental impact on enterprises," said Vincent Weafer, senior director of Symantec's security response center, "and puts the spotlight on patch-management issues."

Data compiled by Symantec, one of the leading providers of security services and products, shows that 64% of attacks during the first six months of this year were aimed at vulnerabilities less than one year old; most of those--39%--targeted security flaws that had been disclosed in the previous six months.

"That's a major change," said Weafer, who pointed out that in the past, most attacks exploited vulnerabilities as old as two years. "Now attacks are changing to leverage the newest vulnerabilities."

The rush to protect--as evidenced by the short span between the disclosure of the RPC DCOM vulnerability and the appearance of the Blaster worm just 26 days later--means that companies find it increasingly difficult to patch all their systems before an attack arises.

"Risk assessment is becoming more important, and is a huge issue for enterprises," Weafer said. "Companies are struggling with questions like 'How do I prioritize?' and 'How do I determine which vulnerability to patch?' That's a common theme we're seeing from all the large enterprises."

The solution, he said, is solid risk intelligence that not only waves a red flag when exploits appear--or even before--but that gauges the likelihood of that exploit being dangerous, based on past performance by similar threats.

Among the other major trends, Symantec spotted a significant increase in the number of blended threats--ones that use multiple vectors such as E-mail, instant messaging, Internet Relay Channel, and peer-to-peer networks to infect and compromise systems.

"The blended threat story is continuing to evolve," said Weafer, "but it's the big story here."

According to Symantec's data, the number of blended threats rose 20% during the first six months of this year over the first half of 2002.

To deflect these blended threats, companies need to deploy a wide range of security services, Weafer said, including firewalls, anti-virus guardians at the gateway, and intrusion-detection and prevention systems.

An increasing number of attacks against Windows is another noticeable trend, he said, something that few companies need confirmation of, what with the wave of attacks that have targeted vulnerabilities in Windows so far this year.

In the first six months of 2003, the number of viruses and worms aimed at Windows more than doubled compared to the same period in 2002, Symantec's numbers showed.

While Weafer was reluctant to blame Microsoft for the problem, he said Microsoft's products would always be among the top targets because of their dominance on the desktop and within the network. In particular, Symantec expects that Microsoft's Web server and its Internet Explorer browser will be among the targets of future attacks, thanks to published vulnerabilities and their popularity.

Symantec passed out advice as well as numbers in its report, and urged businesses to keep patches up-to-date on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services; turn off or remove unnecessary services, especially within Windows; and quickly isolate any infected computers to prevent them from spreading malicious code through the organization.

"The world is simply more connected," Weafer said as he pointed out that 80% of all vulnerabilities can be exploited remotely over the Internet. "And we're going to see more of these worms."

Justin Lundy
Tegatai Systems
www.tegatai.com

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.