[ISN] 'Relentless' pace of hack attacks

From: InfoSec News (isn@private)
Date: Tue Sep 23 2003 - 22:33:35 PDT

  • Next message: InfoSec News: "Re: [ISN] Intrusion detection team denies Trojan claim"

    http://news.bbc.co.uk/1/hi/technology/3131512.stm
    
    23 September, 2003
    
    The huge number of day-to-day attacks that websites suffer has been 
    revealed with the aid of two fake banking sites. 
    Over an eight-week period the two dummy websites, one with a firewall 
    and one without, suffered thousands of attacks. 
    
    On average the unprotected website was attacked more than 2,000 times 
    per week and the protected site more than 200 times. 
    
    Many of the attacks were rated as "high risk" and, if the websites 
    were real, could have seen data destroyed or important customer 
    information stolen. 
    
    Constant barrage 
    
    The two dummy sites were set up by net provider PSINet and security 
    firm PanSec International to demonstrate the relentlessness of online 
    malicious hack attacks. 
    
    The fake websites were made to look like they were operated by 
    European banks. One was protected with a standard firewall but the 
    other was left almost defenceless. 
    
    Over the eight weeks that the sites were left online, the unprotected 
    website was attacked a total of 19,128 times, roughly once every four 
    minutes. 
    
    The protected website fared better but was attacked 1,672 times, 
    almost once every hour. 
    
    More than a third of the attacks on the protected website were so 
    severe that they crashed the site and could have resulted in the loss 
    of data. 
    
    Open door 
    
    Neil Downing, a spokesman for PSINet, said that although a firewall 
    can stop 90% of attacks, firms should not think that simply installing 
    one is all the protection they need. 
    
    "Surprisingly more than 50% of our customers do not have even the most 
    basic of firewalls in place and that is a very conservative estimate," 
    he said. 
    
    "This is comparable to an individual not having a lock on their front 
    door - in other words it's the most basic first line of defence." 
    
    Mr Downing said firms needed to be vigilant to ensure that they are 
    doing enough to keep malicious hackers and computer vandals at bay. 
    
    Jeremy Brown, chief executive of PanSec, said many firms were more 
    complacent about security than they should be. 
    
    "They tend to think that if they have not been compromised then that 
    means their security is adequate," he said. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Sep 24 2003 - 01:29:37 PDT