Record wave of hacking targets UK businesses

by Bill Goodwin, © 2002 ComputerWeekly.com Ltd. All rights reserved

Cyber-attacks reached their highest-ever recorded level this month as pro-Islamic groups launched a new wave of attacks in protest at western governments' support of the war against terrorism and the threatened war against Iraq.

Wednesday, 30 October 2002
- The victims were not governments, but small- and medium-sized companies, particularly in the US and UK, now considered by politically-motivated hackers as legitimate economic targets.

Since the anniversary of the 11 September terror attacks, the number of malicious hacking attempts reported worldwide have increased almost by a factor of three. In just four weeks, digital attacks caused damage worldwide of more than £3.5bn, as political hacking groups increasingly focus on what they perceive as economic targets.

These politically-motivated attacks, in tandem with a new generation of computer viruses which exploit specific software vulnerabilities, will lead to a projected doubling in the annual cost of cyber-attacks in the coming year to £25bn.

The predictions, from security consultancy mi2g which maintains a database of overt hacking attempts around the world, have raised questions about the state of readiness of governments and the private sector for dealing with the onslaught.

Much of the damage has been caused by small groups of politically-motivated hackers equipped with a new generation of hacking tools that can scour the Internet for computers with vulnerabilities and launch automated attacks.

One of the most prolific teams is a group known as the Unix Security Guards, which opposes the US and the UK governments for their stance on the war against terrorism. This group of only five hackers has been responsible for more than 1,500 attacks this month alone.

The tendency for software suppliers to add new features to their products - and with them new security vulnerabilities - is one of the underlying causes for the dramatic increase in malicious hacking.

"The emphasis has been on adding more features and more bells and whistles," said DK Matai, mi2g's chairman and CEO. "Nobody has focused on robustness and resilience. Unfortunately security is not an add-on feature. You have to architect the product right from the beginning with a perspective on security," he added.

Despite its high-profile security initiatives, Microsoft's Windows has leapt into first place as the favourite operating system for hackers, attracting nearly 60% of the attacks compared to 25% for Linux.

But IT users must also bare their share of responsibility, Matai said. "We still feel that board executives are not sufficiently interested in the whole area of digital security," he said. "Often the patching of vulnerabilities found in software can be delayed by two or three months. And even in some less lethargic organisations, patching is left as an activity which is done at the weekend."

SIPS Intelligence Briefing for October 2002, mi2g Ltd

Renowned worldwide for the ATCA Briefings. Subscribe now.
Home - Profile - Values - People - Careers - Partners - Contact Us
D2 Banking - Bespoke Security Architecture - Digital Risk Management - Tools

Intelligence Briefings - Brochures - Case Studies -
SIPS Methodology FAQ (pdf)
Keynote Speeches - Articles - News Feeds - Glossary (pdf)
Terms and Conditions - Privacy Policy