According to Symantec's figures, which encompass the second half of 2002 and are based on data from a sample set in over 400 companies in 30 countries, the rate of network-based attacks was 6% lower than the rate recorded during the prior six-month period.
It is noted, however, that these figures do not include worms, such as the SQL Slammer that almost crippled the internet for two days last month.
On average, there were 30 attacks per company per week, compared to 32 attacks during the first half of the past year. Approximately 85% of this activity was classified as "pre-attack reconnaissance", and the remaining 15% was classified as various forms of "attempted or successful exploitation," according to the report.
The study also found that the number of severe incidents – access attempts aiming to compromise a corporate network's security – declined slightly. Specifically, 21% of companies in the sample reported at least one severe event in the second half of 2002, as compared to 23% in the first half of the same year.
Also, the current severe event rate remains "far below" the rate of 43% which was recorded during the same period in 2001, according to Symantec.
But Symantec said that, despite the decline, average attack rates per company during the second half of 2002 remained 20% higher than the rate recorded during the same six-month period in 2001.
Also, the report claims, the number of new software vulnerabilities exposing corporate networks to malicious incidents has increased by 81.5% over 2001, with the number of severe flaws being 85% higher.
Nevertheless, the relative ease with which attackers could exploit new vulnerabilities remained unchanged in 2002. Symantec attributes the rise in reported vulnerabilities to more responsible disclosure by software makers, and more sophisticated attacks.
The report found that power and energy companies were the most frequent victims. Also, larger companies, measured in terms of employee count, apparently experienced a higher volume and a greater severity of attacks.
According to Symantec, none of the incidents recorded could be attributed to cyber terrorism and fewer than 1% of the attacks originated from countries on the US government's Cyber Terrorist Watch List, which includes countries such as Iran, Pakistan and Indonesia.
In fact, Symantec said, the US is by far the first in the top-ten "attacking countries," accounting for 35.4% of all attacks detected during the second half of 2002.
Second on the list of offenders is South Korea with 12.8%, followed by China (6.9%), Germany (6.7%) and France (4%). The UK is, according to the report, in ninth place, accounting for 2.2% of attacks recorded.