The number of attacks on Internet-connected machines decreased over the past six months while the number of software vulnerabilities continued to skyrocket, according to a new report.
In the last half of 2002, the number of attacks per week at a given company fell by 6 percent to 30, compared to the previous six months. Also, fewer companies experienced at least one severe event. The report indicates that 21 percent of companies had such an event, less than half the number that reported a severe attack during the same period in 2001.
And, less than two percent of all incidents were found to be aggressive attacks. That is, concentrated attacks on a particular target. In fact, fully 85 percent of all of the attack activity the respondents reported was classified as simple pre-attack reconnaissance.
“It appears that attacker aggression declined during the past six months. This observation, coupled with observations by Symantec analysts, supports the conventional wisdom that most attackers search for a few vulnerabilities to exploit and will abandon their efforts if these vulnerabilities are unavailable,” the report concludes.
The report, published by Symantec Corp., of Cupertino, Calif., is based on data from more than 400 companies.
The company said it recorded more than 2,500 newly identified vulnerabilities in various software products during all of 2002, an 81.5 percent increase over the previous year. And, there were 84.7 percent more moderate and severe vulnerabilities found than there were in 2001.
Several factors may have contributed to this increase, including the huge jump in recent years in the number of researchers looking for vulnerabilities. This was once an obscure and generally thankless task. Now, in addition to the independent researchers, most major security vendors employ full-time staffs that do nothing but hunt for bugs and vulnerabilities.
Once again, attackers in the United States were by far the most eager to exploit those vulnerabilities. U.S. crackers accounted for more than 35 percent of all of the attacks during the reporting period. South Korea, China, Germany and France rounded out the top five. However, the South Koreans appear to have the most attackers per capita among countries with the largest online populations, launching 23.7 attacks per 10,000 Internet users. The U.S. is not in the top 10 on this list.