[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Worms boost cyberattack stats for 2003



http://news.com.com/2100-1009-995380.html

By Robert Lemos 
Staff Writer, CNET News.com
April 3, 2003

The number of security events detected by companies in the first
quarter of 2003 jumped nearly 84 percent over the preceding three
months, according to a report that network-protection firm Internet
Security Systems plans to release Monday.

The increase in events, which can include minor probes for holes in
network security as well as major attacks, stems mainly from an
increase in worms and automated attack software, the company said in a
summary of the report, which was seen by CNET News.com.

"The large increase in mass mailing, highly persistent worms and (in)  
security events indicates that this year will be challenging for
security officers and administrators around the world," Chris Rouland,
director of ISS's research and development team, said in the summary.

The study tallies the network events detected by ISS sensors deployed
by some 400 clients around the world and outlines potential malicious
online activity from Jan. 1 to March 31.

That period includes the attack of what many consider to be the first
flash worm, an automated attack program that spreads so quickly that
the responders can't react fast enough. The worm, SQL Slammer,
infected 200,000 computers running Microsoft's SQL Server software
that hadn't had a 6-month-old patch applied. The worm is thought to
have spread to 90 percent of all vulnerable servers in the first 10
minutes after it had been released on the Internet.

The report found that weekends accounted for only 26 percent of all
events and that Friday was the most active day, with some 2.3 million
events, on average, categorized as "anomalous activity." Such events
are not attacks, but mainly--in nearly three-quarters of the
cases--suspicious activity. An additional 11 percent were classified
by ISS as unauthorized access attempts. Slammer started spreading late
on a Friday night PST.

ISS also found that online vandals are putting more effort into
exploiting existing flaws than finding new ones. According to ISS
data, 606 vulnerabilities were made public in the first three months
of the year, while 752 new threats were identified. The company
considers threats to be programs or code that make exploiting
vulnerable systems easier.

Hackers are also using unknown flaws to attack systems. In March, the
military detected that a previously unknown vulnerability in
Microsoft's Windows 2000 operating system was being exploited by
online intruders. Microsoft released a patch for the security hole
five days later, but the incident acted as a reminder that there are a
whole host of security flaws of which companies are not aware.

The report is scheduled to be available from ISS' Web site on Monday.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
in the BODY of the mail.