Symantec CTO Robert Clyde warned Thursday that there is a growing gap between the speed at which security attacks are being launched and the industry’s ability to respond. Speaking at the Global E-commerce Summit at the United Nations, Clyde said that historically most attacks on Web sites are classified as Class III threats because they tend to take several hours and even days to execute. But in recent months, the industry has seen the emergence of Class II attacks–also known as Warhol attacks–that manifest themselves in minutes. “Over 90 percent of hosts that came under attack from SQL Slammer were hit in under 10 minutes,” said Clyde. “We call these Warhol threats because they make themselves famous in about 15 minutes.” Before long, Clyde predicts that groups of hackers working in concert will be able to launch attacks in seconds to create a set of Class I attacks, also known as Flash attacks. “The attacks are increasing in frequency and in complexity,” noted Clyde. “And the bar to becoming an attacker is being lowered because the tools are getting more sophisticated. Someone can now learn to use the tools effectively in weeks to months rather than years.” The eventual rise of Flash attacks means that the industry will have to take a more proactive approach to security because the attacks will happen faster than humans can respond, said Clyde. “The vulnerability threat window is shrinking and in theory could become zero. We used to have six months between when a vulnerability was discovered to come up with a patch before somebody exploited it. But for Code Red, the time was only 28 days.” Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.