Threat Report: more focussed attacks

Symantec has released its Internet Security Threat Report for the first six months of 2005. SANS summarizes:

The study found that 74 percent of the top 50 malicious code samples submitted to Symantec were of the sort that exposed confidential data. The report also noted a trend of attackers moving away from attacks on network perimeters and toward targeted attacks. Also noted was an increase in modular malicious code, which downloads additional functionality after initial infection. DoS attacks grew from 119/day to 927/day over the six-month period studied; this marks a 640 percent increase over the same period last year. The average time between disclosure of a vulnerability and the appearance of an exploit decreased from 6.4 days to 6 days, while the average length of time vendors took to release a patch for a vulnerability was 54 days.

The trend that attacks move away from the lonely nerd wanting attention towards criminal activities with the aim to earn money is underlined by this report. Other reports [2] [3] also show a more professional approach to attacks. For white hat security professionals, projects like Honeynet are crucial to keep realistic views on threats.