[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] 'Relentless' pace of hack attacks
23 September, 2003
The huge number of day-to-day attacks that websites suffer has been
revealed with the aid of two fake banking sites.
Over an eight-week period the two dummy websites, one with a firewall
and one without, suffered thousands of attacks.
On average the unprotected website was attacked more than 2,000 times
per week and the protected site more than 200 times.
Many of the attacks were rated as "high risk" and, if the websites
were real, could have seen data destroyed or important customer
The two dummy sites were set up by net provider PSINet and security
firm PanSec International to demonstrate the relentlessness of online
malicious hack attacks.
The fake websites were made to look like they were operated by
European banks. One was protected with a standard firewall but the
other was left almost defenceless.
Over the eight weeks that the sites were left online, the unprotected
website was attacked a total of 19,128 times, roughly once every four
The protected website fared better but was attacked 1,672 times,
almost once every hour.
More than a third of the attacks on the protected website were so
severe that they crashed the site and could have resulted in the loss
Neil Downing, a spokesman for PSINet, said that although a firewall
can stop 90% of attacks, firms should not think that simply installing
one is all the protection they need.
"Surprisingly more than 50% of our customers do not have even the most
basic of firewalls in place and that is a very conservative estimate,"
"This is comparable to an individual not having a lock on their front
door - in other words it's the most basic first line of defence."
Mr Downing said firms needed to be vigilant to ensure that they are
doing enough to keep malicious hackers and computer vandals at bay.
Jeremy Brown, chief executive of PanSec, said many firms were more
complacent about security than they should be.
"They tend to think that if they have not been compromised then that
means their security is adequate," he said.
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
in the BODY of the mail.