Quantcast
Subscribe to magazine

Security Incidents Skyrocket

Fast-spreading worms pose the greatest threat.

James Niccolai, IDG News Service

  • 0 Yes
  • 0 No

The number of computer security incidents and attacks detected at businesses worldwide soared by 37 percent between the fourth quarter of 2002 and the first quarter of this year, fueled in part by a surge in the number of mass-mailing worms, according to a report due out Monday from Internet Security Systems.

Editor's note: The figure above is a correction posted April 7, 2003. The error was due to incorrect data supplied by Internet Security Systems.

"What we're seeing out there is a lot more folks being extremely active and a lot more malicious behavior," said Peter Allor, manager of ISS's X-Force Threat Analysis Services division, which compiled the report. "We've also seen a corresponding high degree of Web site defacements."

Challenging Times

The large increase in worms and other security-related incidents point to a challenging year ahead for IT security staff, the organization said in a statement.

The tally includes relatively minor activities, such as scanning corporate networks for vulnerabilities, and more serious events such as the Slammer worm, which emerged in January and according to some experts was the fastest spreading worm yet.

The number of worms and hybrid threats between January 1 and March 31 totaled 752, compared with 101 in the fourth quarter of 2002, the report found. X-Force also noted an increase in the number of "zero day" attacks, in which hackers attack a software vulnerability that is not yet known about by vendors.

Focused Response

Faced with such an abundance of activity, businesses can help themselves by focusing on the security threats that pose the most risk to them, Allor said.

"When you have almost 300 issues a month coming out, the important part is, how do you focus on the ones that are significant to you?" he said.

The severity ratings assigned by IT vendors are only one factor to consider when determining how to respond to a threat. Businesses should also look at where the affected system resides in the network, what level of risk they are prepared to tolerate for that system, and how well the system is protected by firewalls and other technologies, he said.

The report tracked 20 industry sectors over the quarter. Retail businesses were attacked the most, accounting for 35 percent of attacks; financial services accounted for 11.5 percent; healthcare and manufacturing 9 percent each; and federal and local government 1 percent, the report found.

The frequency of attacks on an industry may reflect several factors, including the proportion of IT dollars spent by that industry on security and how successful hackers have been in the past at targeting a particular sector. Hackers tend to "follow the path of least resistance," Allor said.

Report Results

XForce's Internet Risk Impact Summary report draws information from more than 400 network and server-based intrusion detection sensors located at businesses on four continents and spanning all major industries, according to X-Force.

Among the other findings:

  • of all the events reported by businesses in the quarter, the top categories were "suspicious activities," which includes scanning networks for vulnerabilities, and accounted for 73.5 percent of total events, and unauthorized access attempts, which accounted for 11 percent.

  • 26 percent of security events occurred over weekends in the first quarter of 2003, and most events occurred on a Friday. The Slammer worm began its propagation on Saturday, January 25.

Allor said it's hard to determine if the number of malicious hackers at work is increasing.

"There are a lot of folks out there hacking, and quite honestly, there's a real lack of ethical behavior. A lot of it is against the law, but because of the anonymity a lot of people think it's cool to do anyway.

"Do we have a lot more hackers? That's a real hard thing to quantify. We estimate there are upwards of 3 million in the U.S. Those aren't all the top class of hackers, which is good news. A lot of them are just taking tools that are out there, putting them together and seeing if they work. There are 3 million doing some kind of malicious behavior. That's our estimate," Allor said.

The full report was due to be available for free Monday from ISS's Web site.

  • Recommend this story?
  • 0 Yes
    0 No

Print 65% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.

Featured APC Accessories For Your System
10% Off Entire Cart at Online Store

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

  • 2007 Microsoft Office Suites Comparison This paper compares and contrasts four suites of the 2007 Microsoft Office system: Microsoft Office Standard 2007, Microsoft Office Professional Plus 2007, Microsoft Office Enterprise 2007 and Microsoft Office Ultimate 2007. This paper is intended to help organizations understand the applications and capabilities offered, and to identify the suite that best fits their needs.
  • Windows Vista Migration: The Business Proposition It's not so much a matter of "if" but "when" for most organizations regarding migration to Windows Vista. Laying the groundwork now for this migration can yield higher ROI than waiting until later. This Computerworld Technology Briefing explains it all.

PC World's Marketplace