X

Hack attacks on Linux on the rise

Hackers are increasingly targeting Web servers based on the open-source operating system, while the number of successful attacks on Windows systems decreases, a new report finds.

Matthew Broersma Special to CNET News
2 min read
Hackers are increasingly targeting Web servers based on the Linux operating system, while the number of successful attacks on Windows systems decreases, according to a new report from a U.K. systems integrator.

The study by Mi2g also found that successful attacks on U.K. and U.S. government sites have decreased, which may be due to tougher laws and improved security.

In the past, hackers and virus writers have largely focused their efforts on the Windows platform, as its dominance on desktop PCs makes it a ready target. However, Linux has a large share of the Web server market, and Linux server applications are often vulnerable to attack because of mismanagement, according to the study.

Mi2g has recorded 7,630 successful attacks on Linux systems in the first six months of this year, up sharply from last year's 5,736 attacks. In the meantime, successful attacks on Windows systems running Microsoft's Internet Information Server (IIS) have fallen by 20 percent from 11,828 in the first half of 2001 to 9,404 in the first half of this year.

The total number of successful attacks for the first six months of the year rose by 27 percent, from 16,007 on 2001 to 20,371 in 2002.

The information is based on Mi2g's own research, which includes information on more than 6,000 hacker groups and records of more than 60,000 hacking events since 1995. The database includes the Computer Security Issues and Trends Survey from the Computer Security Institute and the FBI.

The firm urged Linux system administrators to be more vigilant about patching known security bugs. "A quick response in addressing all weaknesses as soon as they are known has now become critical," D.K. Matai, Mi2g's chairman and chief executive, said in a statement.

Mi2g said that successful attacks on U.S. government systems were down sharply, from 204 in the first half of last year to 54 in the first half of 2002. In the United Kingdom, government sites were hit 12 times in the first half of this year, compared with 38 times for the first six months of 2001.

The security firm attributed this drop partly to improved security in the wake of last September's terrorist attacks and partly to an amendment to the Cyber Security Enhancement Act passed in February 2002. The amendment gives a life imprisonment sentence to hackers who put lives at risk.

Mi2g is a systems integrator focused on security. The firm is based in London and mostly deals with companies in the banking and insurance sectors.

ZDNet U.K.'s Matthew Broersma reported from London.