SAN FRANCISCO, Calif. -- While the number of unique variants of malicious software more than quadrupled in 2007, lost laptops and storage devices -- not malicious software -- were the most common cause of a data breaches, security firm Symantec said in its latest Internet Security Threat Report released on Tuesday.
The report, based on data from more than 40,000 network devices and 120 million systems running Symantec software, found more than 700,000 new threats in the 2007, an increase of 468 percent over 2006. The attacks increasingly focused on stealing confidential information, with 68 percent of the top-50 threats targeting confidential information in the second half of 2007, up from 53 percent during the same period in 2006.
"This is not your mom's malicious code," Steve Trilling, vice president of security technology and response for Symantec, said during a morning keynote session at the RSA Security Conference. Symantec is the parent company of SecurityFocus.
Yet, the theft of computers and storage devices, not malicious code, accounted for the majority of lost data. In the latter half of the year, such physical theft accounted for 57 percent of data breaches, up from 46 percent in the first half of 2007, the report stated. While the government had only the second highest number of breaches -- 20 percent of the total compared to 24 percent for the education sector -- those breaches accounted for 60 percent of identity theft, the report stated.
Vulnerabilities in Web sites are increasingly being attacked to compromise trusted sites and use them to host malicious code, the report stated. More than 11,250 site-specific cross-site scripting vulnerabilities were identified in the latter half of 2007, compared to almost 7,000 flaws in the first half of the year, Symantec said. Only about 4 percent of the vulnerabilities had been patched by administrators during the period, the company said.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos