Verisign released recently the new volume of their Internet Security Intelligence Briefing. The paper focuses on two major areas of cyber security - vulnerability trends and spam.

Vulnerabilities’ Trends

Verisign reports that in Q3 2004 there was a 150% growth in the number of security events per device per day over Q3 2003. The US leads the list with 90% of the security events generated in the period July-September 2004. Another of Verisign’s assertions is that although the sophistication of the attacks increse, the exploits are becoming easier to create.

Attackers have apparently been brushing up on their programming skills as well. Exploit code has become increasingly sophisticated lately. Sample exploits, those that can be quickly found online, used to be of very poor quality, requiring a skilled programmer to painstakingly edit the code in order to produce a working exploit. In contrast, sample exploit code this past quarter has been surprisingly simple to make work. This refined skill on the part of the experts is in turn enabling junior hackers, A.K.A. ?script kiddies,? to wreak havoc much more quickly.

Finally, it is important to recognize that attackers are attacking an increasing number of platforms - PDAs, cell phones, routers, even… well, maybe not yet, your refrigerator.

Spam

Although a federal legislation went into effect on January 1, 2004, the CAN-SPAM hasn’t had much effect, according to Verisign’s report. Spam solicitations become increasingly aggressive, and the spammers use increasingly novel methods to collect email addresses. There are some interesting statistics, such as the fact that spam, although accounting for 80% of email messages, it only accounts to 21% of the bandwidth consumed. These numbers seem to debunk two of the main myths about spam - the storage and bandwidth costs are the largest and suggest that mainly the management of the increased number of messages, filtering, and detection are among the main costs of spam and the fight against it.