Symantec Corp releases ISTR Volume XIII

RELATED NEWS Symantec Corp announce Backup Exec 12 for Servers Symantec Sols offer infrastructure portfolio to Windows Symantec shores up HDFC Bank’s IT Governance Posture Nifty BSE | NSE 09/02/12 Are Mutual Funds betting on Nifty?

The latest Internet Security Threat Report (ISTR), Volume XIII released today by Symantec Corp. (Nasdaq: SYMC) in India concludes that the Web is now the primary conduit of attack activity, as opposed to network attacks, and that online users can increasingly be infected simply by visiting everyday Web sites. The report is derived from data collected by millions of Internet sensors, first-hand research and active monitoring of hacker communications and provides a global view of the state of Internet security.

 

In the past, users had to visit intentionally malicious sites or click on malicious email attachments to become a victim of a security threat. Today, hackers are compromising legitimate Web sites and using them as a distribution medium to attack home and enterprise computers.  Symantec noticed that attackers are particularly targeting sites that are likely to be trusted by end users, such as social networking sites.

 

"Users are often the weakest link in Internet security. Attackers can compromise the end user to steal confidential data from them.  This can include personal information, corporate information stored insecurely on the end user's computer, or account credentials the attacker can use to launch additional attacks," said Prabhat Singh, director, Symantec Security Response and Managed Security Services. "The use of social networking Web sites in phishing attacks is symptomatic of the trend toward targeting people rather than computers."

 

Attackers are leveraging site-specific vulnerabilities that can then be used as a means for launching other attacks.  During the last six months of 2007, there were 11,253 site specific cross-site scripting vulnerabilities reported on the Internet; these represent vulnerabilities in individual Web sites. However, only 473 (about 4 percent) of them had been patched by the administrator of the affected Web site during the same period, representing an enormous window of opportunity for hackers looking to launch attacks.

 

Contd on page 2.....