[ISN] Worms boost cyberattack stats for 2003

From: InfoSec News (isnat_private)
Date: Thu Apr 03 2003 - 22:53:36 PST

  • Next message: InfoSec News: "[ISN] Fed Agencies Asleep at the Wheel"

    http://news.com.com/2100-1009-995380.html
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    April 3, 2003
    
    The number of security events detected by companies in the first
    quarter of 2003 jumped nearly 84 percent over the preceding three
    months, according to a report that network-protection firm Internet
    Security Systems plans to release Monday.
    
    The increase in events, which can include minor probes for holes in
    network security as well as major attacks, stems mainly from an
    increase in worms and automated attack software, the company said in a
    summary of the report, which was seen by CNET News.com.
    
    "The large increase in mass mailing, highly persistent worms and (in)  
    security events indicates that this year will be challenging for
    security officers and administrators around the world," Chris Rouland,
    director of ISS's research and development team, said in the summary.
    
    The study tallies the network events detected by ISS sensors deployed
    by some 400 clients around the world and outlines potential malicious
    online activity from Jan. 1 to March 31.
    
    That period includes the attack of what many consider to be the first
    flash worm, an automated attack program that spreads so quickly that
    the responders can't react fast enough. The worm, SQL Slammer,
    infected 200,000 computers running Microsoft's SQL Server software
    that hadn't had a 6-month-old patch applied. The worm is thought to
    have spread to 90 percent of all vulnerable servers in the first 10
    minutes after it had been released on the Internet.
    
    The report found that weekends accounted for only 26 percent of all
    events and that Friday was the most active day, with some 2.3 million
    events, on average, categorized as "anomalous activity." Such events
    are not attacks, but mainly--in nearly three-quarters of the
    cases--suspicious activity. An additional 11 percent were classified
    by ISS as unauthorized access attempts. Slammer started spreading late
    on a Friday night PST.
    
    ISS also found that online vandals are putting more effort into
    exploiting existing flaws than finding new ones. According to ISS
    data, 606 vulnerabilities were made public in the first three months
    of the year, while 752 new threats were identified. The company
    considers threats to be programs or code that make exploiting
    vulnerable systems easier.
    
    Hackers are also using unknown flaws to attack systems. In March, the
    military detected that a previously unknown vulnerability in
    Microsoft's Windows 2000 operating system was being exploited by
    online intruders. Microsoft released a patch for the security hole
    five days later, but the incident acted as a reminder that there are a
    whole host of security flaws of which companies are not aware.
    
    The report is scheduled to be available from ISS' Web site on Monday.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Apr 04 2003 - 01:31:03 PST