Security software company Symantec has warned that
vulnerabilities in web applications are continuing to pose serious
threats, allowing hackers to access confidential
information.
In its latest Internet Security Threat Report, it found that
nearly 48% of all vulnerabilities documented between 1 July and 31
December 2004 were web application vulnerabilities.
Symantec warned that web applications are popular targets
because they are widely deployed and can allow attackers to
circumvent traditional security measures such as firewalls. Web
application vulnerabilities made up 48% of all vulnerabilities
disclosed, up from 39% in the first half of 2004, according to the
results from Symantec.
Symantec found that organisations received 13.6 attacks per day,
up from 10.6 in the previous six months.
Significantly, for the third straight reporting period, the
Microsoft SQL Server Resolution Service Stack Overflow Attack
(formerly referred to as the Slammer Attack) was the most targeted
vulnerability, used by 22% of all attackers.
Symantec found 1,403 new vulnerabilities, a 13% increase over
the previous six-month period.
The report also showed that the UK had the highest percentage of
"bots", compromised PCs that launch attacks across the
internet.
Known bot network computers declined from more than 30,000 per
day in late July to an average of below 5,000 per day by the end of
the year.
From its research, Symantec believes that the use of bots and bot
networks for financial gain will increase, as will the use of
embedded content in audio and video images to launch hidden
attacks. It also expects malicious code targeting mobile devices
to increase in number and severity.
The analysis was based on 20,000 sensors monitoring network
activity in over 180 countries by Symantec DeepSight Threat
Management System and Symantec Managed Security Services.