Internet security threats increasing in maliciousness
and criminal intent: CompTIA
19 June, 2005
by Mark Cox
Internet communications and commerce continue to be exploited
with malicious intent as incidents of browser-based attacks
and phishing scams surged in the past year, according to the
Computing Technology Industry Association (CompTIA).
The number of organizations reporting they have suffered a
browser-based attack increased significantly for the third
consecutive year, to 56.6 percent of the nearly 500 organizations
that participated in the CompTIA Study on IT Security and
the Workforce. Last year 36.8 percent of organizations reported
they were the victims of a browser-based attack, which uses
browser systems and user system permissions to disrupt computer
functions. Two years ago the figure was 25 percent.
Phishing attacks also increased by an alarming number, the
third annual study found. One-quarter of organizations said
they were the victim of a phishing attack in the last 12 months,
up from 18 percent last year. Phishing scams use phony e-mail
messages to steal valuable information such as credit card
and Social Security numbers, user IDs and passwords.
Viruses and worms continue to be the number one IT security
threat, though the number of these attacks has leveled off.
Two-thirds of responding organizations reported they had experienced
such attacks in the past year, down from 68.6 percent a year
ago.
But that does not mean that the damage worms and viruses
can do should be underestimated. In 2004, for example, the
Sasser worm infected more than 500,000 computers. Within a
month's time, the worm had mutated several times and a malicious
hybrid appeared, causing havoc by stealing personal information
as it passed from system to system.
"Though security software has become increasingly more
advanced in its ability to detect threats to networks, applications
and operating systems, hackers are sophisticated enough to
reverse engineer patches and launch counter-offensives to
vulnerable systems within 48 hours," said Brian McCarthy,
chief operating officer, CompTIA.
The CompTIA study also found that new security threats to
wireless and portable technology are proving costly to manufacturers
and consumers across the globe. One such example is "pharming,"
where scammers create a fraudulent Web site containing some
information from a legitimate Web site in order to capture
confidential information from unsuspecting users.
"Even the most sophisticated security software solution,
which can provide 24 hours of security detection and assessment,
cannot replace fully the need for IT security awareness and
training in the workplace," McCarthy added. "IT
security administrators must be continually educated on new
threats and solutions to keep pace with the dynamic landscape."
CompTIA commissioned TNS Prognostics, a leader in market
research and consulting for the IT industry, to conduct the
study to identify current IT security practices and highlight
security challenges confronted by organizations of varying
sizes and sectors. Four hundred and eighty-nine professionals
from government, IT, financial, education and other sectors
were surveyed.
For more information on the study please visit: http://www.comptia.org/sections/research.aspx