Symantec Internet Security Threat Report Sees Increased Danger of Blended Threats

CUPERTINO, Calif., Feb 3, 2003 (BUSINESS WIRE) -- Symantec (SYMC) , the world leader in Internet security, today released its Internet Security Threat Report, which provides the most comprehensive analysis of trends in cyber security activity. The report is the result of analysis of more than 30 terabytes of data and covers network-based attack activity, vulnerability discovery, and malicious code.

For more information:

For the first time, Symantec reports that the level of total cyber attack activity has decreased, falling 6 percent in the second half of 2002. The report also found that damage caused by recent blended threats, such as Opaserv, was considerably less than that caused by old threats, such as Code Red. Mixed with the encouraging news, Symantec also documented 2,524 new vulnerabilities in 2002, an increase of 81.5 percent over 2001. Symantec believes that the possibility of future, high impact, blended threats continues to represent one of the greatest risks to the Internet community.

"Symantec's Internet Security Threat Report, which is based on empirical analysis of the world's largest repository of security data, is the most reliable source of emerging trends in cyber security," said Amit Yoran, vice president, Symantec Managed Security Services. "This report provides CxOs and IT administrators with benchmarks and guidance to evaluate the effectiveness of their current and future security strategies."

Additional key findings include: Cyber Attack Trends -- Eighty-five percent of all attacks reported during the past six months were classified as pre-attack reconnaissance, while the remaining 15 percent were classified as various forms of exploitation attempts. -- Companies averaged 30 attacks per company per week over the past six months, as compared to 32 attacks per company per week during the prior six-month period. -- Power and Energy companies show the highest rate of both attack activity and severe event incidence. In addition, the Financial Services sector experienced an elevation in overall attack volume and severe event incidence. -- As a country's Internet usage grows, the potential for compromise grows; this is illustrated by the rise in incidents from countries like South Korea, where incident reports grew 62 percent over the previous six-month period. Vulnerabilities Trends -- Moderate and high severity threats drove the growth of new vulnerabilities. -- The relative ease with which attackers are able to exploit new vulnerabilities remained unchanged over the past year. Approximately 60 percent of all new vulnerabilities could be easily exploited either because the vulnerability did not require the use of exploit code or because the required exploit code was widely available. However, of the subset of vulnerabilities that required the use of exploit code, only 23.7 percent actually had exploit code available in 2002, as compared with 30 percent in 2001. Malicious Code Trends -- Blended threats, continued to constitute the most frequently reported threat. Blended threats combine the characteristics of viruses, worms, Trojan horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. -- Eighty percent of all malicious code submissions were caused by only three blended threats: Klez, Opaserv, and Bugbear. Further, 78 percent of all cyber attack activity detected by Symantec was related to both old and recent blended threats. About Symantec's Internet Security Threat Report

Insights in the Internet Security Threat Report are drawn from Symantec's breadth of world-leading resources. Cyber attack trends are drawn from the analysis of attack data collected in real time from a subset of thousands of intrusion detection systems and firewalls. These sensors are deployed in more than 40 countries as part of the Symantec's Worldwide Managed Security Services Operations. Vulnerability trends are based on statistical analysis of Symantec Response Team's extensive vulnerability database, which houses more than 6,000 vulnerabilities affecting more than 13,000 distinct products. Finally, malicious code trends are based on analysis of information generated by Symantec Response Team's Digital Immune System, which draws submitted virus data from more than 100 million antivirus products.

Symantec's Internet Security Threat Report is available on its Web site at www.symantec.com.

About Symantec

Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 38 countries. For more information, please visit www.symantec.com.

Note to Editors: If you would like additional information on Symantec Corp. and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.

Symantec and the Symantec logo are trademarks or registered trademarks, in the United States and certain other countries, of Symantec Corp. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.