In the wake of the Slammer attack, a new report reveals that network administrators had to deal with nearly 82% more vulnerabilities last year than the year before.
The number of software bugs or vulnerabilities found and reported skyrocketed in 2002, according to a semi-annual report released today by security company Symantec Corp. Mike Higgins, manager of Trends and Analysis at Symantec, says he doesn’t necessarily think software was 81.5% buggier last year, but that researchers were that much more diligent in detecting the flaws.
The report comes just over a week after the Slammer worm hit the wild, slowing down Internet traffic, staggering online business and wreaking a reported $1 billion in damages in just three days on the loose. The worm took advantage of a known vulnerability in Microsoft Corp.’s SQL Server 2000. Microsoft had issued a patch for the vulnerability last summer, but the large number of companies that didn’t patch their systems allowed the worm to run rampant.
”The Holy Grail to handling this problem has not been discovered,” says Higgins. ”In the past year, we created alerts for seven new vulnerabilities a day. For most companies, their resources and budgets are stretched thin. They need to do a better job of identifying vulnerabilities and patching their systems in a timely manner. The solution to how they do that is something a lot of companies have not found yet.”
In the days after the Slammer attack, industry analysts and experts conjectured over the reasons that the SQL vulnerability hadn’t been patched. Some say the patch was complicated and laborious to install. Others say there are simply too many vulnerabilities to deal with each and every one, forcing administrators to play a shell game with their systems.
Symantec’s numbers would back up the latter analysis.
Higgins also notes that Symantec’s study shows that 2002 was a relatively quiet year in terms of cyber attacks and major viruses and worms. The total cyber attack activity over the past six months was 6% lower than the previous six-month period. But Higgins adds that 2003 is expected to be much more active.
”We’re seeing a real problem with blended threats,” says Higgins. ”With the sheer number of vulnerabilities increasing drastically, blended threats are using these vulnerabilities to spread and inflict damage on the Internet… This is something we expect to accelerate because companies are not doing enough to stop it.”
Higgins also says he sees a disturbing trend ahead — threats to instant messaging and peer-to-peer networks.
”We’ve seen market penetration for both hitting a critical point,” explains Higgins. ”A large majority of corporations have extensive usage of both instant messaging and peer-to-peer networks. And we’ve seen rising cases of unauthorized usage despite security policies against it. That makes them the perfect targets for infection vectors.”
Another point noted in Symantec’s study is that 99% of cyber attacks focus on a very small number of spots on a corporate network. The most popular targets include SQL Server and NetBIOS.