Symantec"s twice-annual Internet Security Threat Report paints a menacing picture, and it"s one that security professionals know all too well.
Data from the company"s customers as well as from its global DeepSight Threat analysis system shows the trends. A report released Monday by the security firm says attackers are having an easier time exploiting vulnerabilities. They are increasingly using backdoors to gain access to compromised systems, and they are trying to turn a quick buck with stolen confidential information.
During all of 2003, according to Symantec"s data, the number of easily-exploited vulnerabilities climbed by about 10 percent from the year before, marking the first time that vulnerabilities so classified broke the two-thirds mark. In 2003, fully 70 percent of all security vulnerabilities were simple for attackers to manage.
The reasons are two-fold, said Brian Dunphy, the director of Symantec"s managed securities services group. More vulnerabilities, such as those affecting Web services, take very little exploit expertise, and more hackers are relying on already-published exploit code and easily-available tools to craft new attacks.
Other security analysts besides those at Symantec have harped on the same subject, and the proof in the trend has been as recent as 2004"s wave of worms, due in part to the release of source code to such malware as MyDoom and Netsky into the underground.