Internet Attacks Climb During Third Quarter
By Gregg Keizer
Courtesy of TechWeb News

Confirming what most enterprise IT administrators already know, a security firm on Tuesday released a report that concluded the Internet poses an increasingly more dangerous threat.

According to Internet Security Systems' newest report, which tracked security events from July through September, the number of security threats climbed 9 percent in the third quarter over the previous three months, and the more serious incidents -- which ISS defines as confirmed attacks or those that present unusual risk -- rose by 15 percent.

Although fresher, ISS's data mirrors that of other security firms. In early October, for instance, Symantec also noted a spike in security threats and attacks during 2003.

Like Symantec before it, ISS's researchers attributed the rise in security incidents to ever-nimbler hackers who jump on vulnerabilities almost as soon as they're discovered.

There's this myth that companies have weeks to patch a vulnerability before an exploit hits, said Dan Ingevaldson, the director of ISS's X-Force threat research team. But the fact is really that there are now only a handful of days between when a vulnerability is made public and when an exploit appears on the wire.

Citing a slew of examples, including the notable MSBlast worm -- which took advantage of a vulnerability in Microsoft Windows with an widespread attack just 11 days after that flaw was revealed -- and a less-well-known denial-of-service (DoS) vulnerability in Cisco's hardware, which was exploited only two days after disclosure, ISS said the fast, aggressive tactics by hackers give enterprises little time to patch systems before worms and Trojan horses start appearing in the wild.

Patching vulnerable servers and desktops is increasingly seen as a resource drain by enterprises, with no real end in sight to the problem, said ISS in the report. The disclosure of vulnerabilities, release of proof-of-concept or malicious code and active exploitation of vulnerabilities creates a cycle of exposure, urgency to patch, and possible compromise or disruption, the report stated.

ISS has an interest in pointing out the profit-draining qualities of patching, for it sells security software and appliances which it touts as able to defend against exploits of unpatched vulnerabilities.

ISS also noted that attacks during the third quarter were more varied -- often relying on blended threats that use multiple vectors, or avenues of infection -- than in the previous three months, making administrators scramble all the more to close security gaps.

Likewise, the sheer number of worms, viruses, and Trojan horses released by hackers in the third quarter present problems. According to ISS, some 823 new exploits were sent into the wild during July, August, and September, an increase of some 26 percent.

Down the road, things look just as gloomy, said Ingevaldson, who claimed that his team can predict which vulnerabilities become worms, automated exploits that can spread rapidly and because of that, wreck havoc on networks.

Among recent vulnerabilities that Microsoft has disclosed in its various products, Ingevaldson said, he's betting that Windows Messenger Service and the Workstation service in Windows will become worm targets.

Unfortunately, although we can fairly accurately predict if a worm is going to come out of an exploit, it's a lot harder to predict when.

The full article is at SecurityPipeLine