Worms boost cyberattack stats for 2003
Security company Internet Security Systems finds an 84 percent increase in the number of security events between the last quarter of 2002 and the first quarter of 2003.
The increase in events, which can include minor probes for holes in network security as well as major attacks, stems mainly from an increase in worms and automated attack software, the company said in a summary of the report, which was seen by CNET News.com.
"The large increase in mass mailing, highly persistent worms and (in) security events indicates that this year will be challenging for security officers and administrators around the world," Chris Rouland, director of ISS's research and development team, said in the summary.
The study tallies the network events detected by ISS sensors deployed by some 400 clients around the world and outlines potential malicious online activity from Jan. 1 to March 31.
That period includes the attack of what many consider to be the first flash worm, an automated attack program that spreads so quickly that the responders can't react fast enough. The worm, SQL Slammer, infected 200,000 computers running Microsoft's SQL Server software that hadn't had a 6-month-old patch applied. The worm is thought to have spread to 90 percent of all vulnerable servers in the first 10 minutes after it had been released on the Internet.
The report found that weekends accounted for only 26 percent of all events and that Friday was the most active day, with some 2.3 million events, on average, categorized as "anomalous activity." Such events are not attacks, but mainly--in nearly three-quarters of the cases--suspicious activity. An additional 11 percent were classified by ISS as unauthorized access attempts. Slammer started spreading late on a Friday night PST.
ISS also found that online vandals are putting more effort into exploiting existing flaws than finding new ones. According to ISS data, 606 vulnerabilities were made public in the first three months of the year, while 752 new threats were identified. The company considers threats to be programs or code that make exploiting vulnerable systems easier.
Hackers are also using unknown flaws to attack systems. In March, the military detected that a previously unknown vulnerability in Microsoft's Windows 2000 operating system was being exploited by online intruders. Microsoft released a patch for the security hole five days later, but the incident acted as a reminder that there are a whole host of security flaws of which companies are not aware.
The report is scheduled to be available from ISS' Web site on Monday.