Security flaws decrease but malicious code grows, says ISTR

Web-based threats still favoured attack vector

Hackers are targeting a smaller number of security flaws with larger amounts of malicious code, according to Symantec's latest Internet Security Threat Report (ISTR) 2010.

The number of security vulnerabilities documented by the security giant fell 18 per cent in 2009, down from 5,491 to 4,501.

However, the number of malicious code signatures grew 71 per cent to 2.9 million, more than half (51 per cent) of all the signatures ever created.

Those malicious code signatures have been incorporated into nearly a quarter of a billion (240 million) distinct malicious programs, 100 per cent more than 2008.

The main trends were an increase in targeted enterprise attacks, with web-based methods being the favored attack vector.

The report also said that readily available malicious code kits made it easy for relatively inexperienced hackers to mount attacks.

Stephen Trilling, security, technology and response senior vice president at Symantec, explained that where attackers used to launch simple scams they now launch highly sophisticated espionage campaigns.

"These attackers target some of the world's largest corporations and government entities. The international scale of the attacks requires the co-operation of both the private sector and world governments," he said.

ISTR's league table of malicious activity by country shows an increase in activity in emerging countries such as Brazil and India.

Those two countries now stand third and fifth in Symantec's table, with malicious activity up two per cent and one per cent respectively.

One reason for the increase in malicious activity in emerging countries is the rapid growth in network connectivity, according to the report.

The level of malicious activity in India has been increasing steadily over several reporting periods as its broadband infrastructure and user base grows.

The country experiencing most malicious activity was still the US, but this was down four per cent on 2008.

China was second, with Germany fourth, both with a one per cent decrease on 2008.

Malicious activity in the UK dropped two per cent, leading to its ranking in the ISTR dropping from fourth to sixth.