The Computer Emergency Response Team (CERT) has issued a new report that outlines the current trends in computer-related attacks. The report, "Overview of Attack Trends," reveals six trends that network operators need to be aware of.
The report says that new attack tools let intruders infiltrate systems much faster than in the past. Adding to the problem are attack tools--vulnerability scanners in particular--that instigate attacks as soon as they find vulnerable systems rather than waiting until completing a scan. In addition, attack tools such as Nimda and Code Red can initiate new attack cycles on their own.
The sophistication of attack tools is on the rise as well. Intruders use techniques that hide how some attack tools work, which makes understanding the nature of an attack much more difficult and time consuming. Some tools are even polymorphic and change their nature as an attack propagates.
CERT said that the number of new discoveries it reports continues to double each year. Also, tools that automate the discovery of new vulnerability classes are creating a much shorter "time-to-patch" cycle among vendors.
The report also says firewall permeability is a major concern. Certain aspects of tools such as ActiveX, JavaScript, and Java, make guarding systems and detecting hostile code more difficult, and technologies such as Internet Printing Protocol (IPP) and WWW Distributed Authoring and Versioning (WebDAV) are adding to the problem. Protocols marketed as "firewall friendly" often simply bypass firewalls, leaving networks behind firewalls more vulnerable to attack.
Often, the security of one system depends on the security of other systems, leading to situations where attackers can infiltrate a large number of systems and cause those systems to attack one target. CERT thinks that as the sophistication of attacks increases, these types of asymmetrical attacks will increase as well.
The report also discusses the risk from attacks against infrastructures--worms and viruses, Distributed Denial of Service (DDoS) attack tools, attacks against DNS, and attacks against routers. CERT said that such threats significantly affect network availability, compromise sensitive information or lead to misinformation, and often have a serious economic influence. (The economic effect of the Code Red worm was estimated at $2.6 billion.)
CERT hopes the report will raise awareness and cause people to investigate various resources that can help make networking more secure. The seven-page report is available on the CERT Web site in PDF format.
