The number of daily security events--discernable attacks and malicious incidents--dipped in the third quarter, due in large part to the lack of major new exploits or threats, according to VeriSign's latest Internet Security Intelligence Briefing report.
According to the quarterly report, the number of daily security events were 150% higher than the same period in 2003, but slightly lower than the second quarter of this year. VeriSign compiles the report with data gleaned from its global network of managed security, payment and DNS services.
VeriSign says the dramatically higher daily event rates this year are attributable to the creativity of hackers who are honing their skills on new attack methods and the ease of modifying exploit code. "The refined skills on the part of the experts is, in turn, enabling junior hackers, a.k.a. script-kiddies, to wreak havoc much more quickly," VeriSign reported.
Reinforcing the message that patching is no longer an option, VeriSign says the release of exploits and attacks almost perfectly mirrors Microsoft's monthly release of security patches. Confirming what many enterprises are already experiencing, malware writers and hackers are expediting their reverse-engineering efforts to develop exploits faster.
"Patching can no longer be viewed as a luxury, but a requirement that must be addressed within weeks, if not days, of a [patch] release," the company warned in its report. It also measured not only attack trends, but the elements that comprise attacks and malicious activity. One of the more interesting tidbits is a debunking of the myth that spam consumes bandwidth.
By its measurements, VeriSign says spam constitutes 80% of all Internet traffic, but only consumes 21% of overall bandwidth. Legitimate e-mail accounts for 19% of volume and 73% of bandwidth, while malware consumes 1% of volume and 5% of bandwidth.
That the relative size of malware-laden e-mails is virtually indistinguishable from legitimate e-mails is troublesome. VeriSign says the average size of legitimate e-mails in Q3 was 40.9 Kb, while malware had a size of 39.8 Kb. Marc Griffiths, VeriSign's VP of security services, says this could be problematic for enterprises that filter malware based on message size. By comparison, spam's size averages to 2.79 Kb.
While phishing and other e-mail-born attacks continue to rise, VeriSign reports that e-commerce continues to grows. The volume of e-commerce activity grew 25% over the same period in 2003, showing that enterprises and consumers continue to gravitate to the Internet as a cost-savings vehicle despite the security risk.