
Internet Security Threat Report Volume 9

2 Internet Security Threat Report Volume 9 – Spokesperson Training Internet Security Threat Report VI

What the Symantec Internet Security Threat Report is…

Information that:
- Provides a comprehensive analysis of Internet security activities and trends
- Compiled every six months
- Offers a complete view of today’s Internet security landscape
- Identifies and analyzes attacker methods and preferences
- Details the latest trends and information
  - Internet attacks
  - Vulnerabilities that have been discovered and exploited
  - Malicious code
  - Additional Security Risks - Adware, Spyware, Phishing, and Spam
- Provides a complete view of the state of the Internet

3 Key Data Points - What makes the ISTR unique?

Based on one of the world’s largest sources of security data.
- 500 Symantec Managed Security Services customers
- 40,000 sensors worldwide monitoring network activity in 180 countries
- 120 million client, server, and gateway antivirus systems
- 13,000-entry vulnerability database, 30,000 technologies, 4000 vendors.
- Symantec Probe Network with over 2,000,000 decoy accounts attracting spam and phishing from 20 different countries from around the world
- The Symantec™ Global Intelligence Network.

4 Today’s Threat Landscape

- Cybercrimes such as online fraud and the theft of confidential information are dominating the public’s consciousness.
- Bots, bot networks and customizable or ‘modular’ malicious code are the preferred methods of attack.
- Web applications and web browsers increasingly becoming the focal point of attacks.
- Continued decline in noisy Category 3 & 4 threats and a corresponding increase in quieter, stealthier Category 1 and 2 threats.

5 Important Messaging

- Cybercrime - Fraud and theft. As the rewards get more attractive, attackers will continue to improve their methods.
- Traditional perimeter defenses are not enough. With the rise in client side attacks and web application attacks, attackers are constantly finding new ways into the network.
- The volume and severity of attacks continues to rise. A short patch window, increasing numbers of malicious code variants and stealthy, silent attacks.

Internet Security Threat Report Volume 9

7 Attack Trends – Bot Infection Statistics

- From July 1 - December 31, 2005 bot network activity decreased slightly. On average we saw 9,163 unique bot network machines per day, down from 10,347.
- The United States increased its percentage of known bot-infected computers by 7% to 26% of the global total.

8 Attack Trends – Denial of Service

During the current reporting period, Denial of Service attacks grew by more than 51% to an average of 1402 per day, up from 927 per day in the last reporting period.

9 Attack Trends – Top Targeted Industries

As predicted, the rise in online fraud and the shift towards financial motivation has moved Financial services to the top of targeted industries in the last half of 2005.

10 Attack Trends – Top Originating Countries

- The United States remains the top source country for attacks with 31%.
- China’s 1% increase corresponds to a 153% increase in the volume of attacks originating from within the PRC.

11 Attack Trends – Time To Compromise - Servers

Server operating systems in a web server role

12 Attack Trends – Time To Compromise - Desktops

Desktop systems NOT behind a firewall.

13 Attack Trends – Additional Data Points

- Slammer was the Top Attack for the 5th reporting period in a row, accounting for 45% of all attacks. Generic HTTP Directory Traversal Attack and the Generic ICMP Flood Attack were 2nd and 3rd respectively.
- UDP port 1026 was the top attacked port with 17% of all attacks. Ports 445 and 443 were 2nd and 3rd respectively.
- Daily attack rate has fallen from 57 to 39 attacks per day.

14 Vulnerability Trends – Volume

- Between July 1 - December 31, 2005, the total number of vulnerabilities grew by 1% over the previous reporting period and 34% over the same period last year.
- The total number of vulnerabilities reported this period is the highest ever recorded.

15 Vulnerability Trends – Web Applications

In the last 6 months of 2005, 69% of all vulnerabilities reported to Symantec were web application vulnerabilities, an increase of 15% over the previous reporting period.

16 Vulnerability Trends – Web Browsers (Vendor and Non-vendor confirmed)

- Internet Explorer had the largest total of combined vulnerabilities with 24, the same amount as the previous reporting period.
- Firefox had the second highest total of combined vulnerabilities with 17, a decrease of 15 vulnerabilities from the previous reporting period.

17 Vulnerability Trends – Window of Exposure

- From July 1 - December 31st 2005, the average exploit development time was 6.8 days, almost a full day more than the previous reporting period.
- During the same period, there was an average of 49 days between vulnerability publication and the release of a patch by a vendor. This is down sharply from the 64 days in the previous reporting period.

18 Vulnerability Trends – Severity & Ease of Exploitation

- When including remotely exploitable criteria, 97% of the vulnerabilities documented by Symantec were rated High or Moderate Severity and 84% were remotely exploitable.
- 79% of the total number of vulnerabilities were classified as easy to exploit, an increase of 5 percentage points over the previous reporting period.

19 Malicious Code Trends – Threats to Confidential Information

- Threats to confidential information continue to increase over the past three reporting periods, with 80% of the Top 50 reported malicious code in this period having the potential to expose confidential information.
- An increase of 6 percentage points over the previous reporting period.
- Primarily due to the number of Mytob variants - 5 of the top ten and 13 of the top 50.

20 Malicious Code Trends – Modular Malicious Code

- Modular malicious code is malicious code that initially possesses limited functionality but that, once installed on a target host, can download other pieces (or modules) of code with different, usually malicious, functionalities.
- Initially low in risk but possibly increasing to higher risk levels.
- Modular malicious code accounts for 88% of the top 50 malicious code in the current reporting period, a 14% increase over the 77% in the previous report.

21 Malicious Code Trends – Top Ten Malicious Code & Propagation

- 8 of the top ten malicious code propagated via mass-mailing techniques. In the previous reporting period only 2 propagated via this method.
- All of the top ten malicious code have the potential to be used for fraud and cybercrime.

22 Malicious Code Trends – Instant Messaging Threats

- New metric for this report.
- Worms constituted 91% of IM-related malicious code activity, a 10% increase over the 83% observed during the first half of
- Trojans accounted for 9% and Viruses less than 1% during the current reporting period.

23 Additional Security Risks – Phishing

- The number of phishing attempts blocked rose from 1.04 billion to 1.45, a 44% increase.
- Symantec saw an average of 7.92 million phishing attempts per day, up from the 5.7 million observed during the last reporting period.
- Peak activity during the current reporting period saw 17 million phishing attempts per day.

24 Additional Security Risks – Spam

- Between January 1st and June 30th, 2005, the average percentage of email that is Spam was 50%, an 11 percentage point decrease from the last reporting period.
- Monthly totals over the period show a decline from a high of 54% in January to 50% in June.
- On average, 56% of all Spam received worldwide originated in the United States.
- Over the course of the reporting period, the United States exhibited a 5% increase while China grew by 7%.

25 Additional Security Risks – Adware/Spyware

- Adware and Spyware are not categorized by Symantec as ‘Malicious Code’ but rather as potential security risks.
- The most reported Adware from July 1 - December was Websearch (19%).
- 9 of the top ten were installed by rogue affiliates.
- 7 of the top ten carried a risk rating of High or Medium.
- 5 of the top ten employed some form of anti-removal technique, were installed via drive-by downloading and updated themselves more than once a day. Aurora updated itself over 13 times per day.
- The most reported Spyware from January 1st - June 30th, 2005 was CometCursor (42%).

26 Future Watch

- Increase in malicious code utilizing stealth capabilities.
- Increased commercialization of vulnerability research.
- Non-traditional platform threats expected to emerge.
- A ‘Boom’ cycle for bots and bot networks.
- Increase in phishing messages and malicious code distributed through instant messaging.
- Mac OS X

27 Enterprise Best Practices

- Employ Defense-in-Depth practices which emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection methodology. This should include the deployment of antivirus, firewalls, intrusion detection and intrusion protection systems on client systems.
- Turn off and remove unneeded services.
- If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
- Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
- Enforce a password policy.
- Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files.
- Isolate infected computers quickly to prevent further compromising your organization.
- Perform a forensic analysis and restore the computers using trusted media.
- Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses.
- Ensure emergency response procedures are in place. This includes having a backup and restore solution in place in order to restore lost or compromised data in the event of successful attack or catastrophic data loss.
- Educate management on security budgeting needs.
- Test security to ensure that adequate controls are in place.
- Both spyware and adware can be automatically installed on systems along with file-sharing programs, free downloads, and freeware and shareware versions of software, or by clicking on links or attachments in email messages, or via instant messaging clients.
- Ensure that only applications approved by your organization are deployed on the desktop.
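
The attachment-blocking practice listed above, as an added example (not part of the Symantec deck): a Python filter that parses a MIME message with the standard library and removes parts whose filename ends in one of the extensions the slide names. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named on the slide; a production policy list would be longer.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def blocked_extension(filename):
    """Return the blocked extension a filename ends with, or None."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still opens as .exe.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    if dot == -1:
        return None
    # Only the final extension counts, so "invoice.pdf.exe" is treated as .exe.
    ext = name[dot:]
    return ext if ext in BLOCKED_EXTENSIONS else None


def scan_message(raw_bytes):
    """List attachment filenames in a raw message that match the block list."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return [part.get_filename() for part in msg.walk()
            if part.get_filename() and blocked_extension(part.get_filename())]


def _strip(part, removed):
    # Recurse through multipart containers, dropping blocked children.
    if not part.is_multipart():
        return
    kept = []
    for child in part.get_payload():
        name = child.get_filename()
        if name and blocked_extension(name):
            removed.append(name)
            continue
        _strip(child, removed)
        kept.append(child)
    part.set_payload(kept)


def strip_blocked(raw_bytes):
    """Return (message with blocked attachments removed, removed filenames)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    _strip(msg, removed)
    return msg, removed


def build_sample():
    """Constructed sample message: one benign and two blocked attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly figures"
    msg.set_content("See attached.")
    for name, subtype in [("Invoice.PDF.exe", "octet-stream"),
                          ("report.pdf", "pdf"),
                          ("photo.scr.", "octet-stream")]:
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype=subtype, filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, removed = strip_blocked(build_sample())
    print("removed:", removed)
```

A filename check does not look inside archives or at file content, so it sits alongside gateway antivirus scanning rather than replacing it.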