Attackers seek weaknesses inside the firewall--Symantec

Vincent Weafer, senior director of Symantec Security Response, said cyber-attackers are shifting their efforts from outside the intranet boundary to inside.

The attackers are taking an increasing interest in intranet-facing private network services in common desktop personal computers.

According to Weafer, the farms of desktops inside the network perimeter provide a rich picking ground for attackers. They are often less secure than systems that face the Internet directly, making them attractive recruits for orchestrated actions such as denial-of-service attacks, said Weafer.

And email-borne worms and Trojans aren't the primary drivers behind the new trend. It is directly related to the growing family of Distributed Component Object Model (DCOM) vulnerabilities discovered in Microsoft's Remote Procedure Call (RPC) implementation, according to Symantec. The new varieties of attacks burrow directly through the network perimeter.

"It's not getting more difficult for the attackers," said Weafer.

Symantec estimates that new vulnerabilities--primarily in the Windows platform--are now being uncovered at a rate of around 70 per week and he gave clear indications that software companies are still unable to keep up.

Illustrating his concerns, Weafer claims that a Windows 2000 operating system with all current Microsoft security patches applied will still be vulnerable to malicious infiltrators.

Late last week, the company's Deep Sight global sensors recently registered an increase in attacks on TCP port 445, which is associated with Windows network file and print services, prompting the company to upgrade its threat warnings.

Symantec estimates the cyber-attack activity in the first six months of 2003 was 19 percent higher than during the corresponding period for 2002.