Security attacks jump 80 percent
Published: 04 Apr 2003 09:42 BST
The number of security events detected by companies in the first quarter of 2003 jumped nearly 84 percent over the preceding three months, according to a report that network-protection firm Internet Security Systems plans to release on Monday.
The increase in events, which can include minor probes for holes in network security as well as major attacks, stems mainly from an increase in worms and automated attack software, the company said in a summary of the report, which was seen by CNET News.com.
"The large increase in mass mailing, highly persistent worms and [in] security events indicates that this year will be challenging for security officers and administrators around the world," Chris Rouland, director of ISS's research and development team, said in the summary.
The study tallies the network events detected by ISS sensors deployed by some 400 clients around the world and outlines potential malicious online activity from 1 January to 31 March.
That period includes the attack of what many consider to be the first flash worm, an automated attack program that spreads so quickly that the responders can't react fast enough. The worm, SQL Slammer, infected 200,000 computers running Microsoft's SQL Server software that hadn't had a six-month-old patch applied. The worm is thought to have spread to 90 percent of all vulnerable servers in the first 10 minutes after it had been released on the Internet.
The report found that weekends accounted for only 26 percent of all events and that Friday was the most active day, with some 2.3 million events, on average, categorised as "anomalous activity." Such events are not attacks, but mainly -- in nearly three-quarters of the cases -- suspicious activity. An additional 11 percent were classified by ISS as unauthorised access attempts. Slammer started spreading late on a Friday night (US West Coast time).
ISS also found that online vandals are putting more effort into exploiting existing flaws than finding new ones. According to ISS data, 606 vulnerabilities were made public in the first three months of the year, while 752 new threats were identified. The company considers threats to be programs or code that make exploiting vulnerable systems easier.
Hackers are also using unknown flaws to attack systems. In March, the military detected that a previously unknown vulnerability in Microsoft's Windows 2000 operating system was being exploited by online intruders. Microsoft released a patch for the security hole five days later, but the incident acted as a reminder that there are a whole host of security flaws of which companies are not aware.
The report is scheduled to be available from ISS' Web site on Monday.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
34 out of 73 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
