As always, the trends in security administration are shifting, and companies should monitor those trends to keep up to speed on where they might need to pay special attention. Recently, three new security trend reports were released, and you should consider adding these to your more immediate reading list.
The first report is from Symantec, which released the Internet Security Threat Report Volume XII. The report (issued quarterly, at the first URL below) highlights the fact that, as we've seen, intruders are now more profit oriented than they were previously. That trend probably isn't going to diminish any time soon. Also as we've seen, intruders are turning to more sophisticated ways of breaching security, and those ways now include prepackaged intrusion kits such as MPack that can be purchased at "underground" sites on the Internet. You can learn more about MPack by reading the articles listed at the second URL below.
Trends also include intruders infiltrating trusted or high-profile sites; a large percentage of those sites' users can then become infected with Trojan horses and other malware. There is of course a lot more to the report, so get yourself a copy and read it carefully.
The second report comes from IBM Internet Security Systems (ISS). Cyber Attacks on the Rise: IBM X-Force 2007 Midyear Report reveals a couple of interesting trends. Malicious exploit developers have turned to providing "exploits as a service," as IBM refers to the trend, and leased exploits. These new pricing models lower the barrier to entry because individuals no longer have to buy an expensive exploit outright.
Another trend pointed out by both Symantec and IBM is the use of "downloaders," which when installed on a victim's computer, download and install other code, basically letting an intruder take a wide range of other actions. Symantec said that according to its data so far this year, "28 of the top 50 malicious code samples were staged downloaders." IBM says that downloaders were the most prevalent type of malware throughout 2006 and that so far in 2007, Trojans are the most prevalent, but the year isn't over yet.
Another interesting bit of data from IBM's report is that the "percentage of vulnerabilities that can be exploited remotely has grown in the first half of 2007 to 90 percent versus 88 percent in 2006." Wow. You can get a copy of IBM's report at its ISS Web site at the URL below.
Both Symantec and IBM point out that obfuscation is increasingly used in conjunction with Web-based attacks. That makes it slightly more difficult for researchers to get at the code behind an attack and puts a larger burden on companies whose products try to filter out such attacks. This leads indirectly to the third report, which is from Finjan.
Finjan's Web Security Trends Report (Q3 2007) points to canned Web applet code as a growing source of risk. Such code, typically referred to as Web widgets, is developed to perform a range of actions that usually insert content into a Web page. For example, there are widgets to pull in weather data and RSS feeds, provide a live chat box, and display schedules and reminders. Finjan's report says, "To give an idea of the number of widgets and gadgets available there are 3720 available on Google.com, 3197 on Apple.com and 3959 on Facebook.com, many of these applications are already being used by millions of people." There are of course many places to obtain widgets, and Windows Vista even supports the use of widgets on the desktop.
A problem with such widgets is that a third party could develop and widely distribute a seemingly harmless widget that actually has malicious intent. Furthermore, an honest third party could develop a widget that contains coding errors that could lead to attacks on innocent users. So be sure to get a copy of Finjan's report at the URL below and consider the risk posed to your network environment.