New survey shows up Irish security shortcomings

15 Mar 2004

Ireland is one of the most vulnerable countries in the world to computer viruses and worms, a new report has revealed. On a per capita basis, Ireland was ranked third in the world for the number of attacks per internet user.

In the latest Internet Security Threat Report released today by the internet security provider Symantec, Ireland was found to have been the origin of 6,397 attacks per 100,000 users. Only users in Canada and Kuwait are more susceptible to attack, with 8,265 and 6,957 instances respectively. The US was in fourth place with 5,966 attacks per 100,000, followed by Nigeria with 5,622.

Symantec’s report explained: “For many threats, the attack rate from a country is a function of the number of vulnerable systems in that country. A reduction in the number of vulnerable machines will therefore result in a reduction of the attack rate.”

In overall terms, the most common source of attacks are overwhelmingly systems in the US, responsible for 58pc of attacks (excluding worms). This is because the US has one of the highest populations of internet users, Symantec noted.

The list of the top countries of attack origin is based only on the last known IP address and it may not indicate the actual point of origin. Sophisticated hacking techniques mean that a PC or server that launches an attack may not be the system belonging to the attacker.

Symantec claims that its report is the most comprehensive and accurate guide to emerging trends in internet security. The data was compiled using anonymous data from Symantec Managed Security Services customers as well as from 20,000 security devices across more than 180 countries.

Symantec’s report has charted a rise in blended threats, which comprised 54pc of the top 100 malicious code submissions from July to December 2003. As the name suggests, blended threats use several methods to attack systems, combining the characteristics of viruses, worms, Trojan horses and malicious code. They spread at great speed and can cause widespread damage quickly.

The report also tracked hacker activity in the business sector and found that in the first half of last year, only one sixth of the companies analysed reported a serious security breach. In the second half of the year, this figure tripled with half of the companies reporting a serious breach.

This rise is largely the result of increasingly “successful” worms, which remain the most common source of attack activity, Symantec said. Almost one third of all attacking systems targeted the vulnerability exploited by Blaster, a worm that targeted a vulnerability in core Windows components. Such threats are more widespread than the server software targeted by previous network-based worms, resulting in a much higher density of vulnerable systems.

In identifying future trends, the report also referred to the anticipated arrival of so-called zero-day threats, where new ways of attacking systems emerge just as soon as the vulnerabilities which they exploit are discovered. Traditionally, there has been a time lag of days or weeks between the announcement of a flaw in software and malicious code that attacks this weakness. This situation usually helps in the development of a patch to fix the vulnerability, but the prospect of immediate attacks would remove this opportunity to limit the scope of any flaw through software patching.

Another finding showed client-side vulnerabilities in Microsoft Internet Explorer to be rising, from 20 in the first half of 2003 to 34 in the second half of the year, an increase of 70pc. Many of these flaws allow attackers to compromise the systems of users who visit websites hosting malicious content, intentionally or not. According to Symantec, the main reason for concern over this trend is the massive market dominance of the Microsoft browser.

During the second half of 2003, threats to privacy and confidentiality were the fastest growing threat. Compared with the first half of the year, the volume of submissions relating to the top 10 forms of malicious code grew by a staggering 519pc. Whereas older threats exported random documents, endangering secrecy and confidentiality, more recent viruses and blended threats have been shown to extract passwords, decryption keys and logged keystrokes.

By Gordon Smith