Study Shows 150% Increase In Security Events

November 2004

Excerpt from the Verisign Internet Security Intelligence Briefing, November 2004

This past quarter, security professionals have observed one clear phenomenon: Attackers are honing their craft. They are getting not only faster but more creative; they are widening their net and becoming increasingly persistent.

The past few months have brought on a growing number of hybrid attacks. They are “hybrid” in that they no longer simply create Denial-of-Service conditions and terminate, as did Code Red, SQL Slammer, and many other attacks. In this recent series of hybrid attacks, hackers leverage system exploits as the first stage in a larger information/identity theft attack. Several complex attacks have been launched recently that not only exploit vulnerabilities in the Windows OS and Microsoft Internet Explorer, but also launch social-engineering attacks via AOL Instant Messenger, all as part of a larger effort to install keystroke loggers on a victim’s computer for the purpose of phishing.

Attackers have apparently been brushing up on their programming skills as well. Exploit code has become increasingly sophisticated lately. Sample exploits, those that can be quickly found online, used to be of very poor quality, requiring a skilled programmer to painstakingly edit the code in order to produce a working exploit. In contrast, sample exploit code this past quarter has been surprisingly simple to make work. This refined skill on the part of the experts is in turn enabling junior hackers, A.K.A. “script kiddies,” to wreak havoc much more quickly.

Persistence is apparent on the virus/worm front, where an almost constant stream of MyDoom, Bagle, and Netsky mutations continues to appear. The complexity and sophistication of each variant have also been steadily increasing, as spammers align themselves with virus authors in an attempt to increase revenue.

Leaving no platform untouched, viruses and worms also pose a threat to PDAs, cell phones, and other mobile devices. This quarter, multiple pieces of malware began to mount a slow but steady attack on these mobile operating systems. Rapidly becoming the “low hanging fruit” of network targets, mobile computing devices are just starting to become recognized by security managers.

In Q3 2004, we observed a 150% growth in the number of security events per device per day over Q3 2003.
