Hackers enjoy a bad patch

by David Neal, © 1995-2002 VNU Business Publications Ltd. All rights reserved

Monday, 9th September 2002 - Experts say failure to patch systems have allowed security breaches to surge

August was a record-breaking month for attacks on IT systems by hackers, according to security firm mi2g, and 2002 is set to become the worst year for digital attacks since its records began in 1995. mi2g said the growing threat makes it vital for firms to regularly check the security of systems and apply patches.

mi2g releases reports on a monthly basis as part of its Intelligence Briefing papers. It said that worldwide there were 5,830 reported attacks in August and the total for the year to date is over 31,000. In 2001 there were just 31,332 attacks in total. mi2g predicted that for the whole of this year there will be at least 45,000.

In a separate report published earlier this month, mi2g indicated that Windows was the most vulnerable operating system and the one most likely to be hacked.

The company said the number of attacks on Windows-based systems was steadily rising, increasing by five percent in June and 12 percent in July. In comparison, it found that attacks on Linux systems were falling, and in June they declined by as much as 39 percent.

However, the targets and numbers of attacks continue to fluctuate. In April and May, Linux systems were attacked in far greater numbers - 2,192 in April and 2,057 in May - than Windows systems, which were attacked 1,677 and 1,991 times.

In June and July this trend was reversed and Windows systems were compromised more often than Linux platforms.

mi2g said that attacks on Linux systems were encouraged by exploitable vulnerabilities being discovered in open-source third-party applications.

However, it added that poor administration may also contribute to the problem.

Ian Williams, security analyst at research company Datamonitor, said that most attacks came about when vulnerabilities in particular systems were publicised. "According to [security watchdog] Cert, around 95 percent of Web defacements are due to the failure to patch known vulnerabilities. It wouldn't surprise me if there is a strong correlation between the discovery and publication of vulnerabilities and the systems that are attacked. Most [companies] simply don't have the capability to effectively prioritise patches according to where the greatest risk lies."

Mark Lillycrop, chief executive of research firm Arcati, agreed and warned firms not to read too much into the fluctuating statistics. "Attacks are often due to new flaws being publicised," he added. "There are some sad people out there who like to take advantage of any new security weakness that comes to light, and they tend to have a bandwagon effect."

A total of 27,273 successful attacks have been reported to mi2g so far this year. Of these, 47 percent were against systems running Windows, 36 percent were against Linux-based systems and 17 percent were against various other operating systems, including Unix, BSD, Solaris and AIX.

Renowned worldwide for the ATCA Briefings. Subscribe now.
Home - Profile - Values - People - Careers - Partners - Contact Us
D2 Banking - Bespoke Security Architecture - Digital Risk Management - Tools

Intelligence Briefings - Brochures - Case Studies -
SIPS Methodology FAQ (pdf)
Keynote Speeches - Articles - News Feeds - Glossary (pdf)
Terms and Conditions - Privacy Policy