Tuesday, March 20, 2007

Top 10 Internet Security Threats & U.S. Scenario

Yesterday, I reported that Symantec has released its XI Internet Security Threat Report (July 1st - Dec 31st 2006), which is now available for public download. I went ahead and studied the report in detail and am trying to put across some of the major points. Let me first appreciate Symantec for coming out with a very informative report on Internet security threats; the introduction of many first-time analyses is really commendable.

Let's start with having a look at some of the trends that have emerged during this period.

1. Data theft, data leakage and confidential information theft for financial gain have emerged as the topmost threat.
2. The attackers are consolidating their assets, such as bots, trojans and worms, into a coordinated network of criminal activity.
3. Use of medium-severity attacks, which do not have an immediate effect, to first enter the system quietly and subsequently launch more powerful attacks in a consolidated manner.
4. Emergence of "Underground Economy Servers", which are used by criminals to sell stolen information. The hub of these servers is the U.S., with 51% of the servers located there. See the image below.

The Top 10 Internet Security Threats

1. The government sector topped the number of data breaches that could lead to identity theft, accounting for 25% of the total.
2. Microsoft Internet Explorer topped all browser-targeted attacks, accounting for 77% of them.
3. China has the most bot-infected computers in the world, a whopping 26% of the worldwide total.
4. Among cities, Beijing tops the list with just over 5% of the worldwide total of bot-infected computers.
5. Israel tops the list of malicious activity per Internet user.
6. SMTP tops the list of propagation mechanisms, with 78% of malicious code being spread using it.
7. Among databases, Oracle has 168 vulnerabilities documented by Symantec, which is more than any other database.
8. The financial services sector tops the spam categories, with 30% of the total spam being related to it.
9. MSN Messenger, with 35%, tops the categories of new messaging threats.
10. Last but the biggest, home users accounted for 93% of all the attacks, putting them at the top of all user categories.

The U.S. Scenario of Internet Security Threats

According to the report, the U.S. tops 5 out of 6 kinds of malicious activity, as depicted in the table below. This does not come as a surprise, as the U.S. accounts for 19% of the world's Internet population and has a large Internet infrastructure with steady growth in its broadband user base. This provides more opportunities for attackers to spread malicious activity. Below are some of the highlights specific to the U.S. Internet scenario.

1. With 33% of attacks originating in the U.S., it is the top country in worldwide attacking activity.
2. It has the highest number of bot command and control computers, with 40% of the world's total.
3. The U.S. accounted for 31% of all malicious activity, which is more than any other country.
4. Out of all debit and credit cards for sale on underground economy servers, 86% were issued by banks in the U.S.
5. Nearly half of the world's spam originated in the U.S., with 44% of the worldwide total.

Future Trends

1. Windows Vista, with its public release in 2007, is expected to be widely adopted and might see attackers exploiting its vulnerabilities.
2. Third-party applications which do not go through a proper Security Development Lifecycle will become more susceptible to threats because of their large user base.
3. New channels for phishing will emerge, like Massively Multiplayer Online Games (MMOG). New methods like "Intelligence Lead Phishing", made possible by compromising the database of a social network, will lead to more targeted phishing activity. With a high degree of personalization, this will increase the probability of the user being exploited.
4. SMiShing - Spam and phishing will go mobile. The size of the user base and the user's perception of SMS/MMS as more personal will attract more attackers to this segment.
5. Software virtualization, which allows one computer (host) to run other computers (guests), will see an increase in threats in which the guest system can potentially be used to break into the host system, causing damage and data theft. Symantec accepts that this is a relatively new area and requires more in-depth analysis.

It is in our personal interest to be knowledgeable about the prevalent security threats so that we can protect our personal information from being compromised. Simply put, prevention is better than cure. Since the home user (consumer) segment is the target of 93% of attacks, we should take the necessary actions to safeguard ourselves.

Best Practices for Users

1. Use a comprehensive and up-to-date Internet security solution combining antivirus, firewall, intrusion detection, and vulnerability management.
2. Ensure that security patches are up to date.
3. Make sure your passwords are a mix of letters and numbers, and change them often.
4. Never view, open, or execute any email attachment unless the attachment is from a trusted source.
5. Never disclose any confidential personal or financial information to a source which is not known or trusted.
6. Beware of programs that flash ads in the user interface; this could be spyware.
7. Report potentially malicious activity.

If the Internet is to grow to its full potential, we will need to find ways to protect users from such threats, which are obstacles to the widespread adoption of the Internet for business as well as personal use.

You can see an interesting flash presentation on this report by clicking here.

*Data Source: Symantec Internet Security Threat Report Volume XI: March 2007
