The number of viruses and worms launched through the Internet may be reaching a plateau, but the attacks that damage enterprise systems are becoming easier to carry out.
In its semi-annual report, anti-virus software company Symantec Corp. said there were 2,636 vulnerabilities disclosed last year. And while that was a marginal two per cent increase over the number in 2002, about 70 per cent of those disclosed were easily exploited, which means there was no exploit code required or that the exploit code was publicly available on the Internet.
“If there were 70 per cent of the 2,636 — that’s 1,845 vulnerabilities easily exploitable — that’s of greater concern to me,” said Michael Murphy, Symantec Canada’s general manager.
Six months ago Symantec reported that attacks targeted public infrastructure or server-based systems. But in this report, it noted for the first time a trend toward targeting core components of Windows operating systems.
“It’s what Blaster and Welchia exploited, which are all around client-side components versus server side that we’ve seen in the past, which means threats are more widespread, with greater reach, and they affect more systems more quickly,” said Murphy.
In the first half of 2003, only one-sixth of the companies analyzed reported a serious breach. In the second half of the year, half of the companies reported a serious breach.
Financial services, health care and power and energy firms were hardest hit, while threats to privacy and confidentiality were the fastest-growing threat.
The value placed on the attacks worldwide has been pegged at US$2 billion (based largely on time lost dealing with the viruses and any opportunities lost) according to Computer Economics, a California-based research firm.
“The (dollar) amount isn’t as significant as is the insidious nature of the threats. That’s more telling than the number you associate with it,” Murphy said.
The question for companies is how to best optimize resources to fight against those insidious threats, said Victor Keong, partner, security services with Deloitte in Toronto. He said a well-developed security plan that is management-driven from the top is critical, as opposed to fighting fires day-to-day.
“Because it’s a newer kind of malicious code, they need to be vigilant about managing vulnerabilities if and when a specific vulnerability emerges, and have an action plan or system process to address that,” he said. “A lot of IT people complain they already have a lot of work to do but still have to manage patches. Patch management is typically made a lesser priority, but these viruses take advantage of that. They use exploit-driven virus code to get into the environment of an unpatched system.”
One of the most significant events of 2003 was in August, when three worms were released in only 12 days. Blaster, Welchia, and Sobig.F infected millions of computers worldwide.