State of Internet security: Bad and getting worse
- By William Jackson
- Mar 15, 2004
Although the rate of new security vulnerability discoveries is leveling off, the exploits are coming faster and are getting more sophisticated, the most recent Internet Security Threat Report notes.
Blended attacks, such as last summer's Blaster, Welchia and SoBig F worms, are becoming the most common serious types of threat, according to the fifth semiannual report from Symantec Corp. of Cupertino, Calif.
The result is a shorter window for systems administrators to patch holes and a growing number of enterprises succumbing to systems failures because of malicious code.
The threat report draws on data gathered from Symantec customers and 20,000 sensors monitoring network activity worldwide. The most recent report focused on the last six months of 2003.
David Jordan, chief information security officer for Arlington County, Va., said the report 'appears to reflect accurately our picture from here. Things are not getting better out there.'
The good news is that paying attention to basic security practices'such as keeping patches up-to-date, managing configuration and monitoring network activity'can help avoid even sophisticated, fast-moving threats. The bottom line, Jordan said, is that education's the most cost-effective tool.
'People have to spend time educating their employees,' he said. Department heads and elected officials also have to be taught the critical needs of IT security so that security officials can get their share of money available for security.
'Education is the best weapon we have,' Jordan said.
The trend toward more damaging malicious code increased in the first months of this year. The MyDoom worm that hit in January spread with exhausting speed, installing back doors that were being exploited almost immediately by new worms. MyDoom also was the first worm to try to keep a low profile by avoiding the sensitive .gov and .mil domains.
This turned out not to be good news for the government, said Tony Vincent, Symantec's lead global security architect.
'It's quite possible that the worm gets into the network anyway, and they don't get advance notice,' Vincent said. Common avenues of infection for government systems were partner networks in other domains and mobile devices that become infected elsewhere. Although MyDoom did not target .gov and .mil networks, once inside it did spread.
One sharply defined trend late last year was the fivefold growth in malicious code gathering passwords, decryption keys and other information from infected computers.
Identity fraud also increased sharply in the last year, the Federal Trade Commission said. Reports of identity theft grew by 33 percent last year compared to 2002.
'It's hard to draw the association' between the two trends, Vincent said. 'I'm not sure I can prove a correlation.'
William Jackson is a Maryland-based freelance writer.