Security Threats Will Continue To Plague Enterprises In '04

"We're in for a repeat of this year [during 2004]," said Vincent Weafer, senior director of Symantec's security response center. "We should expect two to four MSBlast-sized events in 2004 and a major mass-mailed worm or virus every month on the average."

The hard times for security professionals have many explanations, but one of the most significant trends this year has been the rise in so-called 'blended' threats, exploits that use multiple modes of infection -- ranging from hacking and computer worms to denial-of-service attacks and Web site defacements -- to create a single, advanced assault that overwhelms defenses.

Older threats such as Code Red and Nimda, and newer ones like Sobig and MSBlast, Weafer said, are perfect examples of such assaults, which have been steadily increasing for the past three years but in 2003 really caught the attention of security professionals with their numbers and sophistication.

"Such threats are likely to become the norm," said Weafer.

What makes blended threats so dangerous is that they're much more difficult to defend against than, say, a single-vector exploit that propagates via e-mail or can be stopped by simply plugging a port at the network firewall. "Yesterday's strategy of 'one threat, one cure' is no longer viable today," he said.

In response, enterprises will have to implement a more comprehensive, in-depth defense that goes beyond the traditional firewall and anti-virus protection, and takes a more proactive approach. Such a defense should integrate early warning intelligence on developing security threats, be composed of multiple layers -- at the network edge, on servers, and on desktops -- and must take into account the newer technologies that have the potential for opening up the company to attack, such as wireless and instant messaging.

But blended threats aren't the only reason why security is the year's hottest topic among enterprises, and will continue to be next year. The numbers are also running against the good guys, Weafer noted.

Vulnerabilities tracked by Symantec, he said, rose from an average of 40 a week at the beginning of the year to 50 per week by November. Worse, an increasing number of those vulnerabilities can be exploited remotely -- 80 percent at the moment -- which means that hackers can more easily insert malicious code and wreak havoc on systems.

And attackers have moved away from targeted assaults on the perimeter of the network, such as Web servers, and are now focusing on the Internet to infect a growing number of desktops, laptops, and workstations. "That opens up far more possible targets, which are typically far less well defended," he said.

Combine that with an increasingly robust set of hacker tools -- which are shared much more freely than ever before -- and you have the recipe for a continued security crisis.

"There's far more knowledge now available [to hackers] about how to create exploits," he claimed, "and so the level of technical knowledge necessary to generate an exploit is falling. Hackers are standing on each other's shoulders, just plugging in new code into old exploits and kicking it out."

That's one of the reasons why the window between the disclosure of a vulnerability and the release of exploit code -- and then a self-replicated worm -- continues to shrink.

"The notion that a company has months or even a year to deploy a patch is simply gone," Weafer said.

Among the threats that Weafer sees developing in 2004 are Trojan horses which attempt to steal information, often for financial gain rather than simple notoriety, and "anything that targets a common service in Windows." File and print sharing services, and anything to do with ActiveX controls, he said, are ones to watch for vulnerabilities and thus upcoming exploits.

"Any service that's turned on by default is a potential target," he said, citing a raft of recent Microsoft Windows services -- such as its Workstation service and the Windows Messenger Service -- as examples in 2003.

"This was a tough year in enterprise security," Weafer concluded.

And from all signs, 2004 won't be any easier.

This story courtesy of .