« Technorati Trying Tough Love With Broken Blogs | Main | Tech Company 101: When In Doubt, Form a "Coalition." »
April 8, 2008
Symantec Threat Report: Web Threats Outnumber Traditional Malware
There aren't a lot of surprises to be found in the semi-annual Internet Security Threat Report from Symantec. The trend is still with Web-based vulnerabilities:
"In the past, traditional attack activity primarily used widespread, broadcast attacks aimed at computers deployed on networks. However, as administrators and vendors fortified perimeter defenses with tools such as firewalls and intrusion detection/prevention systems (IDS/IP S), attackers responded by adopting new tactics. Instead of trying to penetrate networks with high-volume broadcast attacks, attackers have adopted stealthier, more focused techniques that target individual computers through the World Wide Web. This may be driven, in part, by the fact that compromises that affect computers on enterprise networks are increasingly likely to be discovered and shut down. On the other hand, activity that takes place on end users’ computers and/or Web sites is less likely to be detected. As a result of these considerations, Symantec has observed that the majority of effective malicious activity has become Web-based: the Web is now the primary conduit for attack activity.
"Site-specific vulnerabilities are perhaps the most telling indication of this trend. These are vulnerabilities that affect custom or proprietary code for a specific Web site. During the last six months of 2007, 11,253 site-specific cross-site scripting vulnerabilities were documented. This is considerably higher than the 2,134 traditional vulnerabilities documented by Symantec during this period."
Posted by mhall at 4:59 PM | Add Comment
Leave a comment