Attacks on company networks decreased over the past six months, but the number of reported software vulnerabilities exploded during that time, creating the possibility of more serious Internet-borne mischief in the future, Symantec Corp. said in a report released Monday.
The findings are included in the latest Internet Security Threat Report, a semi-yearly report from Symantec, based in Cupertino, California.
The report compiles data relating to cyberattacks on 400 companies worldwide that are Symantec customers. The statistics used in the report include information collected from intrusion detection systems (IDS), firewalls, and malicious code samples submitted to Symantec's vulnerability database.
Symantec found that, on average, companies experienced 30 attacks a week in the second half of 2002, compared with 32 in the first six months of the year, a 6 percent reduction. Symantec defined attacks as "individual signs of malicious activity."
In addition, the rate of severe events declined, with 21 percent of the companies that made up the sample suffering a severe event during the past six months, compared to 23 percent of companies in the six months before that and 43 percent of companies in the second half of 2001.
Severe events were defined by Symantec as "sequences of attack activity that have either caused a security breach on a company's network or present an immediate danger of a security breach if intervention is not taken."
While lower than the preceding six months, the average number of attacks per company in the final six months of 2002 was still 21 percent higher than for the same period in 2001.
Those numbers may get worse before they get better. Symantec documented more than 2,500 new vulnerabilities in 2002, an 81 percent increase from the number found in 2001. The number of moderate and high-severity vulnerabilities was almost 85 percent greater than in 2001.
While the increase in the number of software vulnerabilities may reflect increased media attention on the problem and the creation of more responsible disclosure policies in companies, new strategies for exploiting previously unrecognized weaknesses in software code may also be responsible.
The number and severity of the discovered vulnerabilities are fertile ground for new "blended threats" that leverage two or more different security flaws to execute an attack, Symantec said.
The security vendor also found:
-- Power and energy companies experienced the highest volume of attacks and the highest rate of severe events compared with companies in other industries.
-- Telecommunications and financial services companies as well as high-profile nonprofit groups were also common targets of cyberattacks.
-- The two most common origins of cyberattacks were the U.S. and South Korea. More than 35 percent of all such attacks originated from computer systems in the U.S. in the second half of 2002. More than 12 percent originated from systems in South Korea.
-- South Korea and Poland topped the list of the countries with the most attacks per Internet user. South Korea had more than 23 attacks per 10,000 Internet users in 2002, up from just six per 10,000 users in the preceding six months.
-- Microsoft Corp.'s operating systems were, by far, the most common platforms used by malicious hackers to launch attacks, accounting for 78 percent of all attacks recorded by Symantec during the second half of 2002.
-- Cyberterrorism remained more fear than reality, with none of the severe events detected by Symantec traced to countries linked with terrorism and less than 1 percent of all attack traffic originating from such countries. The list of countries linked to terrorism used by Symantec includes those nations on the U.S. State Department list of designated sponsors of terrorism, as well as other countries with links to terrorist organizations such as Afghanistan, Pakistan, Kuwait, Saudi Arabia and Indonesia.
The risk of continued cyberattacks and infections from worms, viruses and other malicious code remains high, Symantec said.
To better secure their networks, companies and organizations should refine their security configuration and patch management practices, scrutinize vulnerable instant messaging and peer-to-peer applications running on corporate networks, Symantec said. They also should have an awareness of threats posed by insiders and by remotely accessible Web-based applications, Symantec said.
While the 6 percent increase in average weekly attacks is not particularly significant, network managers should pay attention to big swings in numbers, such as the change in the number of vulnerabilities reported by Symantec, according Laura Koetzle, an analyst at Forrester Research Inc.
In addition, Symantec's figures on the geographic sources of attacks can serve as a warning to companies doing business in those countries that their networks may be at increased risk from those looking to use corporate resources to attack other parts of the Internet, Koetzle said.