Web Security Threats on the Rise, Report Finds

• By Jabulani Leffall
• 04/22/10

It may not be Tony Soprano on the Web, but a new security report finds that wise-guy hackers have become increasingly organized.

Additionally, they have more targets to hit on the Internet, according to Marc Fossi, a Symantec Security researcher. Fossi is editor of the "Symantec Global Internet Security Threat Report: Trends for 2009, Volume XV," which was released Tuesday. The 97-page report can be accessed here.

"Once the malicious activity takes root, it's really difficult to get rid of it, and we're seeing that increasingly on the Internet," Fossi said. "As everybody gets more and more connected between different computer networks, it just increases the attack surface and more information stored on various sources becomes vulnerable or targeted."

According to the report, the United States is once again No. 1 with the most malicious activity on the Internet. China and Brazil came in second and third place, respectively.

Key Findings
Vulnerabilities in browser-based applications represent the fastest-rising information security flaws anywhere, the report found.

The biggest increase in malicious code was concentrated in the Europe, Middle East and Africa (EMEA) region. EMEA now leads the world in the overall volume of new viruses, worms and trojans created. The United States was found to be home to the most botnet command and control servers. It's also the most frequent target in denial-of-service attacks, according to the report.

Corrupt code, which is sold and distributed over the Internet, is becoming more widely available. Symantec found that 2.9 million new threats were developed last year in coded form. The code can become "more complex and dangerous" through additional alterations.

Malware kits, Internet threats and various client-side vectors, along with zero-day exploits, have grown. Consequently, manually patching computers to protect them from each new vulnerability is considered to be a losing battle, according to Symantec's report.

Fossi noted the emergence of do-it-yourself malware kits, including the Zeus Kit and SpyEye.

"You can create a unique binary with these kits that are professional enough to where they're selling for one hundred dollars and then be deployed," Fossi said. "You don't have to have a high degree of skill to deploy malware that is an info stealer and [it] can be configured to just lock a system."

Fossi said he's not ruling out a return of the Conficker worm, which ravaged Windows networks last year. It was the biggest worm since Blaster, which did its damage in 2003 and 2004.

"Conficker is definitely a possibility to come back, if not in its original form, in a variant or a new iteration" he said. "In the end, whether Conficker will emerge again is also a big psychology question. If you say [Conficker's authors] have moved on to something else, that's when they prove you wrong. So, yes, the possibility remains."

Best Practices
The best ways to secure an IT environment and reduce risks is to use antivirus software, firewalls and network security measures. Enterprises can initiate intrusion detection and prevention policies as well.

Fossi recommended keeping up with patch management cycles too. "Keep your browsers patched, regardless of which one you use," he said.

On top of that, there are issues with browser plug-ins and IT pros should have a strategy for managing them. The most common Web-based attack in 2009 was associated with malicious PDF activity, accounting for 49 percent of the total. Weaknesses in ActiveX are a huge issue when using Internet Explorer.

"Securing the endpoint is just as important is securing the server," Fossi explained. "With the rise of Web-based attacks, the endpoint is becoming increasingly important. Because they expand network influences, you can stumble on all types of things. Client-side vulnerabilities are being exploited more than anything else now."