Symantec: fewer attacks, more opportunities

Attacks on company networks decreased over the past six months, but the number of reported software vulnerabilities exploded during that time, creating the possibility of more serious Internet-borne mischief in the future, Symantec said in a report issued Monday.

The findings are included in the latest Internet Security Threat Report, a semi-yearly report from Symantec, based in Cupertino, Calif.

The report compiles data relating to cyberattacks on 400 companies worldwide that are Symantec customers. The statistics used in the report include information collected from intrusion detection systems (IDS), firewalls, and malicious code samples submitted to Symantec's vulnerability database.

Symantec found that, on average, companies experienced 30 attacks a week in the second half of 2002, compared with 32 in the first six months of the year, a 6 percent reduction. Symantec defined attacks as "individual signs of malicious activity."

In addition, the rate of severe events declined, with 21 percent of the companies that made up the sample suffering a severe event during the past six months, compared to 23 percent of companies in the six months before that and 43 percent of companies in the second half of 2001.

Severe events were defined by Symantec as "sequences of attack activity that have either caused a security breach on a company's network or present an immediate danger of a security breach if intervention is not taken."

While lower than the preceding six months, the average number of attacks per company in the final six months of 2002 was still 21 percent higher than for the same period in 2001.

Those numbers may get worse before they get better. Symantec documented more than 2,500 new vulnerabilities in 2002, an 81 percent increase from the number found in 2001. The number of moderate and high-severity vulnerabilities was almost 85 percent greater than in 2001.

While the increase in the number of software vulnerabilities may reflect increased media attention on the problem and the creation of more responsible disclosure policies in companies, new strategies for exploiting previously unrecognized weaknesses in software code may also be responsible.

The number and severity of the discovered vulnerabilities are fertile ground for new "blended threats" that leverage two or more different security flaws to execute an attack, Symantec said.

The security vendor also found:

-- Power and energy companies experienced the highest volume of attacks and the highest rate of severe events compared with companies in other industries.

-- Telecommunications and financial services companies as well as high-profile nonprofit groups were also common targets of cyberattacks.