Hackers look for ways to take down as many systems as possible with
a single exploit

Last month, I read that the leading 100 German fighter aces of the
Second World War were responsible for the loss of more than 15,000
allied aircraft. This statistic sparked a comparison with the
results of the latest Symantec Internet Threat Report, which, for
the first time, consolidates data from the company's recent
acquisition of Riptech and SecurityFocus.

The report, quite possibly one of the most detailed seen to date,
illustrates how internet threats have intensified and evolved in
many ways, while remaining relatively stable against other
criteria.

Although the overall number of attacks decreased last year, the
total number of vulnerabilities rose alarmingly. Symantec
documented 2,524 new vulnerabilities in 2002, up a whopping 81.5%
from 2001.

The report argues that despite this overall decline in attacks,
many organisations, notably those in the financial services sector,
experienced a sharp rise in attack volume and relative attack
severity, while other companies, such as tenured security
monitoring clients, substantially reduced their risk profile.

Approximately 60% of the documented vulnerabilities were easily
exploitable either because sophisticated tools were widely
available for use by the "wannabe hacker" community or because
exploit tools were not required at all.

This potential for the introduction of entirely new, and
potentially more destructive, forms of malicious code and
cyberattack tools represents a substantial future risk to business.

As a result, a number of companies have fled to open source in the
hope that this will offer better security, but Symantec reveals
that a number of widely used open source applications were
"trojanised" with backdoors during the past year. The attacks
targeted high-profile distribution sites that had taken significant
efforts to protect themselves.

The report says, "This may serve as a warning not only to other
open source projects, but also to commercial software suppliers.
Rather than targeting individual systems, attackers are clearly
exploring alternative ways of impacting a large number of systems
in a short period of time."

Certainly, like the top Luftwaffe pilots of the Second World War, a
relatively small percentage of exploits and vulnerabilities appears
to account for a disproportionate amount of damage to business, and
more than a few big companies have gone down in flames as a
consequence of poor patching.

One IT manager, commenting on the damage caused by the Slammer
worm, says, "Apathy may be the cause of a certain percentage of the
unpatched SQL Server boxes. However, IT understaffing and fear of
managerial reprisals for patching a production SQL Server
installation and taking it out of commission are more likely to be
the culprits for Slammer infections."

It all rather sounds to me like the modern equivalent of Bomber
Command, in the interest of reducing weight, stripping the armour
plating from Lancaster bombers in the Second World War. The lessons
of history never stop repeating themselves, but human nature remains
sadly very much the same, and Symantec's research clearly shows
where the defensive efforts could best be placed in future.

Simon Moores is chairman of Zentelligence (Research) www.zentelligence.com