[ISN] 'Relentless' pace of hack attacks

From: InfoSec News (isn@private)
Date: Tue Sep 23 2003 - 22:33:35 PDT

Next message: InfoSec News: "Re: [ISN] Intrusion detection team denies Trojan claim"

Previous message: InfoSec News: "[ISN] Norton Antivirus product activation cracked"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://news.bbc.co.uk/1/hi/technology/3131512.stm

23 September, 2003

The huge number of day-to-day attacks that websites suffer has been 
revealed with the aid of two fake banking sites. 
Over an eight-week period the two dummy websites, one with a firewall 
and one without, suffered thousands of attacks. 

On average the unprotected website was attacked more than 2,000 times 
per week and the protected site more than 200 times. 

Many of the attacks were rated as "high risk" and, if the websites 
were real, could have seen data destroyed or important customer 
information stolen. 

Constant barrage 

The two dummy sites were set up by net provider PSINet and security 
firm PanSec International to demonstrate the relentlessness of online 
malicious hack attacks. 

The fake websites were made to look like they were operated by 
European banks. One was protected with a standard firewall but the 
other was left almost defenceless. 

Over the eight weeks that the sites were left online, the unprotected 
website was attacked a total of 19,128 times, roughly once every four 
minutes. 

The protected website fared better but was attacked 1,672 times, 
almost once every hour. 

More than a third of the attacks on the protected website were so 
severe that they crashed the site and could have resulted in the loss 
of data. 

Open door 

Neil Downing, a spokesman for PSINet, said that although a firewall 
can stop 90% of attacks, firms should not think that simply installing 
one is all the protection they need. 

"Surprisingly more than 50% of our customers do not have even the most 
basic of firewalls in place and that is a very conservative estimate," 
he said. 

"This is comparable to an individual not having a lock on their front 
door - in other words it's the most basic first line of defence." 

Mr Downing said firms needed to be vigilant to ensure that they are 
doing enough to keep malicious hackers and computer vandals at bay. 

Jeremy Brown, chief executive of PanSec, said many firms were more 
complacent about security than they should be. 

"They tend to think that if they have not been compromised then that 
means their security is adequate," he said. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "Re: [ISN] Intrusion detection team denies Trojan claim"
Previous message: InfoSec News: "[ISN] Norton Antivirus product activation cracked"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 24 2003 - 01:29:37 PDT