Blended threats, which use combinations of malicious code and vulnerabilities for infection and spread, present increasing risks to networks and are among the most important trends to guard against this year, according to the biannual Symantec Internet Security Threat Report.
"MSBlaster is a good example of this trend going forward," says Tony Vincent, a senior analyst at Symantec. "Though it fell outside of the time frame of the report, it targeted a vulnerability only 26 days old compared with some worms of the past -- like Opaserv -- that have targeted vulnerabilities two or more years old."
According to the report, 64% of attacks in the first half of this year targeted vulnerabilities that were less than one year old; 39% were less than six months old.
"Exploits and worms are being released at a quickened pace," says Mark Litchfield, a security researcher at Next Generation Security Software. "Unfortunately, system administrators are fighting daily defensive battles with the hackers on a level battle ground. The hacker and the admin both find out about the vulnerability at the same time -- when the software vendor publicly releases a patch and often a more detailed advisory. In some cases, this includes proof-of-concept exploit code."
Those attacks also increasingly target services not previously identified as vulnerable areas for many companies.
"We also saw a 400% increase in viruses and worms in the first half of this year that used instant messaging and/or P2P networking as one of their infection vectors," says Vincent. "This is a problem for corporations because in many cases, they don't have policies policing instant messaging or P2P or don't enforce it if they do."
"The increased sophistication of worms really concerns us," adds Vincent. "And while we didn't see a major outbreak in the first half of this year for Linux-based blended threats, we really do believe it's on the horizon."
Other risks Symantec identified are an increased threat against traditionally nonpublic services, such as SQL and file sharing.
"In the first half of 2002, a mere 2% of the scans that we saw were against nonpublic services, but increased to 51% of the top 10 network scans we saw in the first half of this year," says Vincent. "That's a really scary one because it's unlikely that the average home user has SQL services turned on, but much more likely that random boxes in the infrastructure of a typical company have a SQL server installed."
The report says 1,432 new vulnerabilities were discovered, compared to same time frame last year, in which 1,276 were identified. Though the increase isn't terribly significant, Vincent says it represents a 27% increase in severe and moderate flaws collectively and an 11% decrease in low severity flaws.