So concludes a recently released Internet Security Threat report based on data collected at Symantec's Security Response facilities worldwide. The report is one company's snapshot of malicious Internet activity during the last six months of 2004.
I asked David Cole, director of product management for Symantec Security Response, to use the information uncovered in the report (more than 70 pages long) to talk about what he's already seeing in 2005. In our conversation, he covered trends such as the discovery and exploitation of flaws in non-Internet Explorer browsers and non-Windows operating systems and the recent reach by criminal hackers (crackers) into nondesktop computer systems such as handhelds and smart phone devices.
|Traditional Internet attacks are down. Unfortunately, attackers are opportunistic and are now going after end users.|
The good news, says Cole, is that today, companies are much better at defending our network perimeters than they were a few years ago. Traditional Internet attacks are down. Unfortunately, attackers are opportunistic and are now going after end users--employees who log in from home or while on the road. Since companies are doing a good job protecting their e-mail systems--either at the gateway with corporate defenses or on desktops with antivirus apps--virus writers are frequently frustrated and have begun targeting instant-messaging apps, Internet Relay Chat (IRC), and peer-to-peer networks (P2P) in addition to e-mail. Symantec reported threats related to P2P, IM, IRC, and CIFS make up 50 percent of its top 50 threat submissions, up from 32 percent covering the same period one year earlier.
But viruses and worms aren't the only Internet threats. Phishing scams, spyware, and now pharming attacks (domain spoofing) are becoming more common. By now, most of us know that Microsoft Internet Explorer harbours many security vulnerabilities. So as people move away from IE (now below 90 percent usage), attackers are turning their attention to Mozilla and other Internet browsers, according to Symantec.
An example might be what crackers have done with the vulnerability found in Internationalized Domain Names (IDN) that affects most non-IE browsers. IDN renders specialised character sets such as non-English domain names in a standardised way using Unicode characters, a standard that attempts to assign a unique computer number for every computer character, no matter the platform or the language set used. The IDN standard allows foreign companies to register domain names in different languages; however, criminal hackers have discovered that they can use this loophole to fool end users onto their phishing sites by substituting specific letters from alternative character sets.
Oddly, IE does not support IDN (although rumors suggest the upcoming Windows XP-only IE 7 will support IDN). Mozilla and Firefox have since patched their IDN flaw.
|We've moved from a strictly ego-fueled virus culture to one where the tools of law enforcement work best.|
But if you thought that IE would be a safer browser as a result of recent attention to non-IE browsers, you'd be wrong. Cole said that while there were a greater number of vulnerabilities reported in Mozilla during the last half of 2004, Symantec found that the most severe vulnerabilities still reside within Internet Explorer. Of the 13 Internet Explorer vulnerabilities rated by Symantec from June to December 2004, 9 were considered high.
Other OSs under attack
The Symantec report also predicts that crackers will become more interested in Macs during 2005, specifically mentioning sales of low-priced mini Macs. As more casual, less tech-savvy users adopt Macs, expect to hear more about vulnerabilities exposed within the Mac OS, which is based on the Unix system. Other security companies are seeing an uptick in Mac flaws. For example, security company Secunia also saw an increase in reported Mac OS flaws during 2004.
Other electronic devices under attack
As more people leave their desktops and start accessing the Internet via mobile devices, so too do the crackers. Last summer, someone released the Cabir worm, designed to infect Symbian OS-equipped Nokia series 60 smart phones. These phones are currently most popular in Europe, but since the first of this year, the Cabir worm has been reported in nearly two dozen countries. Cole says these attacks will continue to grow as Bluetooth and smart phone adoption sets in. In fact, crackers recently launched CommWarrior, a smart phone-enabled virus that is able to infect either Bluetooth systems or those using Multimedia Messaging Service. Expect hybrid or multiplatform worms to remain the norm with mobile technology devices.
All is not lost
What's fueling the spread of Internet threats to other platforms? Money. As I wrote during the Sobig virus attacks in 2003, spammers and perhaps organised crime are now paying virus writers to push the limits and infect as many systems as they can. But that's good. We've moved from a strictly ego-fueled virus culture to one where the tools of law enforcement work best. Instead of finding a random, rogue programmer, law enforcement officials are following the money, and they're making some major busts against cybercrime.
As you adopt new technology, stop and think about the possible security pros and cons. Just because someone hasn't written a devastating worm to hit the Mac OS platform doesn't mean it won't happen. Same with your Nokia smart phone. Proceed with caution. If we've been successful in frustrating crackers by having antivirus and firewall solutions on our desktops, I think there's a chance we'll also prevail in these other areas as well.
Does any part of Symantec's report surprise you? If so, what? Talk back to me...