iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > News > Security News > VeriSign Internet Security Briefing: Security Events Grow 150 Percent
Search:
[ news_security_news ]

VeriSign Internet Security Briefing: Security Events Grow 150 Percent



SecurityProNews
Staff Writer
2004-11-17

SecurityProNews: Insider Reports Insider Reports RSS Feed


VeriSign released the fourth edition of the VeriSign Internet Security Intelligence Briefing (ISIB) today.

The ISIB report details Internet usage and growth trends as well as threat, vulnerability and fraud patterns. The briefing also provides an in-depth look at spam, offering insight into the issue of unwanted email, its relationship to Internet crimes, the challenges it poses to organizations and consumers, and techniques to address the problem.

This fourth version of the ISIB covers the period from July 2004 through September 2004. Among other findings, the research shows that the number of security attacks have declined slightly from the first and second quarter of 2004, although the quantity of attacks is still significantly higher than the third quarter of 2003. In addition, the report shows that the level of sophistication and potential damage from incidents continues to climb. In particular, new hybrid attacks are being initiated by more sophisticated hackers, who are increasingly motivated by financial reward, rather than notoriety.

Internet Usage and Growth

VeriSign's Payment Services currently process more than 35 percent of North American e-commerce. By analyzing this payment data, VeriSign has been able to track a number of trends. First, overall e-commerce dollar volume has increased more than 25 percent since the third quarter of 2003. During the third quarter of 2004, the number of active Secure Sockets Layer (SSL) certificates worldwide increased by 19 percent as compared to the third quarter of 2003. Fraud rates continue to grow even faster than e-commerce. The U.S. topped the ranking for countries with the highest volume of fraudulent transactions, followed by Vietnam and Indonesia during the third quarter of 2004. Countries included in this ranking were selected based on the number of transactions that originated from identified addressees from that nation.

Further, the Former Yugoslav Republic of Macedonia ranked first in the percentage of total fraudulent transactions during the third quarter of 2004. For the fraudulent transaction listing, countries were selected based upon the number of risky transactions that originated from the identified IP addresses from that nation. Transactions deemed risky are based upon review of multiple fraud screen filters, including identification of stolen credit card numbers, comparison of shipping and mailing addresses for discrepancies, as well as other techniques.

Additionally, domain name registration data showed that both .com and .net top-level domains continued to exhibit strong growth in the third quarter of 2004 as compared to 2003 levels. There is also growing evidence of the increasing intensity of domain name usage. More than 70 percent of domain names are now tied to a live site, and Domain Name System (DNS) resolution requests for .com and .net (a proxy for total Internet activity), now average more than 14 billion per day, a 27 percent increase as compared to the third quarter of 2003. DNS queries ranged between 400 billion and 450 billion per month.

Internet Vulnerabilities, Other Security Events and Fraud

Research indicates that hackers are becoming more creative, efficient, persistent and intelligent, as evidenced by the growing number of hybrid attacks. A new generation of "sophisticated hackers" is taking advantage of system exploits as part of larger information/identity theft attack efforts. Additionally, VeriSign intelligence found that multiple pieces of malware were developed during the third quarter of 2004 to exploit mobile operating-system vulnerabilities. The briefing also notes a 150 percent growth in security events per device per day as compared to the third quarter of 2003.

Spotlight on Spam

During the past 12 months, Internet crime has become more organized and directed toward achieving financial reward. Spam solicitations have become increasingly aggressive to combat more effective filtering solutions that limit the number of victims they can reach. However, when a spammer does make contact with a user, they often maximize the scam's potential with the victim they have claimed. Spam continues to be the primary vector for Internet crimes, including advance fee fraud, phishing ploys and work-at-home carding schemes. Networks of captured machines or "botnets" are now routinely used to deliver spam, which can help seed virus distributions and Distributed Denial of Service (DDoS) attacks. The report offers techniques to reduce email abuse, including spelling out special email characters such as the "at" sign or
period. Such measures prevent hackers from identifying and then harvesting large numbers of addresses using robots or spiders that scan the Internet for recognized email symbols. In addition, the report suggests the use of separate email accounts for newsgroups or discussion boards; this allows better monitoring and disposal of spam.

The data and intelligence included in the ISIB is unique to VeriSign, and is derived from the company's suite of intelligent infrastructure services, which overlay much of the Internet and telecommunications networks. These include the DNS infrastructures that enable 14 billion daily Internet interactions, the telephony infrastructures that enable three billion daily telephony and mobile interactions, and the payment infrastructures that process $100 million of daily e-commerce. Security data is derived from services that monitor, correlate and resolve more than 250 million daily security events from firewall, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Virtual Private Networks (VPN) and endpoint systems at some of the world's most sensitive networks.

The briefing is available today, November 16, and can be accessed at:
http://www.verisign.com/Resources/Intelligence_and_Control_Services_White_Papers/page_005574.html


About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.

More news_security_news Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds