Category: Statistics

Research commissioned by application switching provider Radware found that 70 per cent of the 50 small businesses it monitored experienced more than 1,500 attacks over a two-week period in August – largely because of the outbreak of the SoBig virus.

And with web-based distributed applications becoming more pervasive, the majority of security threats facing corporations will be at the application level across port 80, the research warned.

More info: [url=http://www.vnunet.com/News/1151137]http://www.vnunet.com/News/1151137[/url]

Compared with previous estimates, costs associated with cleaning up after a virus or worm attack have increased by more than 400 per cent over the past 12 months, to

The hard times for security professionals has many explanations, but one of the most significant trends this year has been the rise in so-called ‘blended’ threats, exploits that use multiple modes of infection — ranging from hacking and computer worms to denial-of-service attacks and Web site defacements — to create a single, advanced assault that overwhelms defenses.

Older threats such as Code Red and Nimba, and newer ones like Sobig and MS Blast, Weafer said, are perfect examples of such assaults, which have been steadily increasing for the past three years, but in 2003 really caught the attention of security professionals in their numbers and sophistication.

What makes blended threats so dangerous is that they’re much more difficult to defend against than, say, a single-vector exploit that propagates via e-mail or can be stopped by simply plugging a port at the network firewall.

In response, enterprises will have to implement a more comprehensive, in-depth defense that goes beyond the traditional firewall and anti-virus protection, and takes a more proactive approach.

Worse, an increasing number of those vulnerabilities can be exploited remotely — 80 percent at the moment — which means that hackers can more easily insert malicious code and wreck havoc on systems.

That’s one of the reasons why the window between the disclosure of a vulnerability and the release of exploit code — and then a self-replicated worm — continues to shrink.

More info: [url=http://www.techweb.com/wire/story/TWB20031126S0006]http://www.techweb.com/wire/story/TWB20031126S0006[/url]

It found that French and German firms are most prepared to deal with viruses and their pernicious kin.

But the UK leads the way among nations which see good security as a way of helping their business stand out.

Survey sponsor McAfee warned that many European firms were just reacting to virus outbreaks instead of preparing to beat back future threats.

The survey found that 48% of the European firms questioned see security as little more than a matter of fixing the security breaches that viruses, worms and malicious hackers attempt to exploit.

The damage and inconvenience that all these threats can cause prompted 84% of those in the survey to say that security is a critical concern for their company.

More info: [url=http://news.bbc.co.uk/2/hi/technology/3223887.stm]http://news.bbc.co.uk/2/hi/technology/3223887.stm[/url]

The bad news is that attackers are still primarily exploiting known operating-system and application vulnerabilities to hack into systems.

In InformationWeek’s 2003 U.S. Information Security Survey, only 21% of the 815 companies surveyed say their systems were attacked via “unknown” operating-system vulnerabilities.

Many IT professionals complain that hackers, security researchers, and security vendors who find and disclose software vulnerabilities are just seeking name recognition and free publicity.

Every big worm that has struck so far has exploited a software vulnerability that had previously been discovered and had a patch available to fix it.

As painful as patching is, and despite the toll it takes on system administrators and developers, it may not be as bad as walking into the data center one morning to discover that a worm is tearing its way through the Internet and your systems and that it will be days before anyone figures out how to counter it.

Software and application vulnerabilities aren’t the only programs prone to security attacks. Hackers also are making use of personal identification numbers, account permissions, and valid user passwords, all established to restrict access, in their campaigns.

Of the 815 business-technology and security pros who participated in InformationWeek’s U.S. Information Security Survey this year, nearly one-fourth experienced security incidents involving valid user accounts or permissions.

While nearly one-fourth of the sites surveyed by InformationWeek report recently falling victim to externally waged denial-of-service attacks, 3% report attacks that came from within their firewalls.

More info: [url=http://www.securitypipeline.com/story/showArticle.jhtml?articleID=16100051]http://www.securitypipeline.com/story/showArticle.jhtml?articleID=16100051[/url]

Despite new virus threats appearing regularly, almost one third of all companies in the region have failed to take any measures against digital attack, according to a survey by the McAfee security division of software firm Network Associates.

The level of preparedness varies by country, with 12 per cent of German firms saying they remain undefended from such attacks while 42 per cent of British firms and 43 per cent of Dutch firms are unprotected.

More info: [url=http://www.business.scotsman.com/technology.cfm?id=1198692003]http://www.business.scotsman.com/technology.cfm?id=1198692003[/url]