Serious Web Attack Threats Loom
February 4, 2003
SEATTLE, Washington (Reuters) -- The number of cyber attacks on corporate networks rose 20 percent in the second half of 2002, Web security provider Symantec Corp. said in a report published this week, as the number of reported vulnerabilities nearly doubled from a year earlier.
The report came days after the debilitating attack of the "SQL Slammer" worm that suddenly slowed Internet traffic worldwide, nearly shut down Web access in South Korea and brought many U.S. automatic teller machines to a standstill.
Average attacks per company rose 20 percent in the last six months of 2002 compared to the same period a year earlier, according to research conducted by Symantec.
Growing vulnerabilities
Symantec also said that the number of vulnerabilities in networks and software jumped 81.5 percent in the second half of 2002 from the previous year.
Vulnerabilities are weak points that harmful computer viruses and worms use to enter and exploit systems.
The SQL Slammer, for example, exploited a previously known vulnerability in Microsoft Corp.'s SQL corporate database software to flood computers and networks with copies of itself.
Microsoft, after announcing its "Trustworthy Computing" initiative just over a year ago, has vowed to make its software more secure.
Symantec said that the rise in reported vulnerabilities was most likely due to more responsible disclosure by software makers and more sophisticated attacks.
"It could be that more vendors are reporting vulnerabilities as they are patched," Symantec's Chief Technology Officer Robert Clyde said.
Unleashing malicious code
Despite the apparent rise in Web-based security threats, Symantec also noted that cyber attacks actually fell 6 percent in the second half of 2002 compared to the previous six months.
WHAT IS A WORM?
A program that makes copies of itself -- for example, from one disk drive to another, or by copying itself using e-mail or another transport mechanism. Source: Symantec
Since that tally doesn't include worms, a type of malicious program that replicates itself and clogs computer memory and networks, the Symantec report doesn't necessarily measure the severity or degree of attacks.
The SQL Slammer was a worm and was the worst new widespread security attack in the 18 months since the Code Red worm hit corporate networks in 2001, experts said.
Patterns detected
Symantec also noted several unique patterns of activity in the report.
Contrary to the popular image of cyber attackers working late at night and at odd hours to unleash malicious code, Symantec found that attack volume tracked the work day and work week, with lower activity detected on Saturdays and Sundays.
Peak activity was usually detected during the hours when the working days in Europe and North America overlap, the report said.
http://www.cnn.com/2003/TECH/internet/02/04/symantec.report.reut/index.html