Fewer attacks, more damage

Hackers look for ways to take down as many systems as possible with a single exploit.


Last month, I read that the leading 100 German fighter aces of the Second World War were responsible for the loss of more than 15,000 Allied aircraft. This statistic sparked a comparison with the results of the latest Symantec Internet Threat Report, which, for the first time, consolidates data from the company's recent acquisitions of Riptech and SecurityFocus.

The report, quite possibly one of the most detailed seen to date, illustrates how internet threats have intensified and evolved in many ways, while remaining relatively stable against other criteria.

Although the overall number of attacks decreased last year, the total number of vulnerabilities rose alarmingly. Symantec documented 2,524 new vulnerabilities in 2002, up a whopping 81.5% from 2001.

The report argues that despite this overall decline in attacks, many organisations, notably those in the financial services sector, experienced a sharp rise in attack volume and relative attack severity, while other companies, such as tenured security monitoring clients, substantially reduced their risk profile.

Approximately 60% of the documented vulnerabilities were easily exploitable either because sophisticated tools were widely available for use by the "wannabe hacker" community or because exploit tools were not required at all.

This potential for the introduction of entirely new, and potentially more destructive, forms of malicious code and cyberattack tools represents a substantial future risk to business. As a result, a number of companies have fled to open source in the hope that this will offer better security, but Symantec reveals that a number of widely used open source applications were "trojanised" with backdoors during the past year. The attacks targeted high-profile distribution sites that had taken significant efforts to protect themselves.

The report says, "This may serve as a warning not only to other open source projects, but also to commercial software suppliers. Rather than targeting individual systems, attackers are clearly exploring alternative ways of impacting a large number of systems in a short period of time."

Certainly, like the top Luftwaffe pilots of the Second World War, a relatively small percentage of exploits and vulnerabilities appears to account for a disproportionate amount of damage to business, and more than a few big companies have gone down in flames as a consequence of poor patching.

One IT manager, commenting on the damage caused by the Slammer worm, says, "Apathy may be the cause of a certain percentage of the unpatched SQL Server boxes. However, IT understaffing and fear of managerial reprisals for patching a production SQL Server installation and taking it out of commission are more likely to be the culprits for Slammer infections."

It all rather sounds to me like the modern equivalent of Bomber Command, in the interest of reducing weight, stripping the armour plating from Lancaster bombers in the Second World War. The lessons of history never stop repeating themselves but human nature remains sadly very much the same, and Symantec's research clearly shows where the defensive efforts could best be placed in future.

Simon Moores is chairman of Zentelligence (Research) www.zentelligence.com
