Symantec: Data breaches, phishers, attack kits top threats of '07 (so far)

And don't look for things to improve much in 2008

With a little over seven weeks to go in 2007, Symantec Corp. is already looking back at the year's top threats, highlighting what it considers to be the biggest security news of 2007 -- so far, at least -- and what it expects to dominate the security agenda for 2008.

The chart toppers for 2007 in Symantec's view include the sheer number of disclosed data breaches; security issues related to Microsoft Corp.'s Vista operating system; PDF, image and greeting card spam; phishing attempts; and the increased availability of personalized attack kits in the Internet underworld.

Perhaps the most unexpected item on this year's top 10 security issue list is the fast-growing trend by malicious hackers to attack victims via trusted Web sites, said Oliver Friedrichs, Symantec's director of emerging technologies. The strategy involves finding a way to plant malicious code on a trusted site, via corrupt online advertisements, for instance, and then compromising users who visit the site.

"I wasn't expecting that to be so big," Friedrichs said. "I was certainly aware of folks planting [malicious] advertisements on trusted Web sites," and waiting for victims to come to them, he said. "But I always thought [online] advertisement syndicators and others would be able to take adequate precautions to prevent that."

Symantec believes another big story this year is how Vista failed to fully live up to the much-touted security promises offered by Microsoft officials.

"Vista is not the security panacea" some had assumed it would be, Friedrichs said. Since Microsoft debuted the operating system to the general public in late January, 16 security patches have already been issued for it. In addition, some of the security features such as User Access Controls, which are designed to prevent malicious code execution, have proved "essentially ineffective and easily bypassed," he said. "We've even seen Microsoft say these features are not security boundaries, but more of a notification feature -- more of a sign than a fence," he said.

Browser plug-in vulnerabilities -- almost 90% of them ActiveX-related -- have also emerged as a big attack vector this year, according to Symantec. In the first half of 2007, Symantec counted 237 browser plug-in flaws. That compared with less than half that number -- 108 -- for all of 2006. The sharp increase is most likely because companies have gotten better at shutting down traditional network-based threats, forcing attackers to look for other ways to launch attacks, Friedrichs said.

"Folks are being kicked out of the network exploit space" and are therefore paying more attention to browser plug-in flaws, he said.

Other top security issues this year included the emergence and growth of virtualization threats and the continuing growth in phishing attacks -- particularly those associated with ready-made phishing tool kits. Also high on Symantec's radar in 2007 was the easy availability of all sorts of attack tools in the underground market and what Symantec sees as a disturbing trend: the selling of vulnerabilities to the highest bidder by operations such as WabiSabiLabi.

Expect to see those threats continue in 2008, predicted Friedrichs. Also in store are more bot-related problems, including the possible emergence of phishing sites hosted by bot zombies, more mobile threats and the emergence of malicious sites seeking to take advantage of the upcoming U.S. elections. The threats posed by such sites include diversion of online campaign donations, dissemination of misinformation, fraud and phishing, according to Symantec.

Copyright © 2007 IDG Communications, Inc.
