Security exploits are being created more easily and faster than ever, with attackers targeting e-commerce sites for financial gain, according to new research.
Attacks against e-commerce companies increased by 400 per cent during the last six months, according to the latest Internet Security Threat from Symantec.
The firm's sixth bi-annual global security report covering the fist half of this year found that the sector was the single most targeted industry, with nearly 16 per cent of attacks against it. This compared with just four per cent reported during the previous six months.
This rise may indicate a shift from attacks motivated by notoriety to attacks motivated by economic gain, the report speculated. This possibility is further illustrated by an increase in phishing scams and spyware designed to steal confidential information and pass it along to attackers.
Attacks against web application technologies were also found to have jumped sharply, due in part to the increasingly widespread deployment of such technology within organisations and the relative ease with which they can be exploited.
The report noted that almost 82 per cent of documented web application vulnerabilities were classified as easy to exploit, thereby representing a significant threat to an organisation's infrastructure and critical information assets.
Symantec's data indicates that the time between the announcement of a vulnerability and the release of associated exploit code is becoming progressively shorter, with the average vulnerability-to-exploit window over the last six months dropping to just 5.8 days.
Once an exploit has been released, the vulnerability is often widely scanned for and quickly exploited. This short window leaves organizations with less than a week to patch vulnerable systems, the research warned.
Arthur Wong, vice president, Symantec Security Response and Managed Security Services, said: "Software vulnerabilities and targeted attacks remain a primary area of concern for organisations and individuals."