The Internet has become a riskier place for businesses since the
autumn of 2001 and is unlikely to become any more secure in the
near future, according to security firm Internet Security Systems,
which has released its security incident figures for the first
quarter of 2002.
The 11 September terrorist attacks on the US, however, have not
prompted any obvious cyber attacks, ISS concluded.
Overall, Internet security has been undermined by a steady tide of
denial of service (DoS) attacks, as well as the rise of hybrid
attacks - attack tools that spread through multiple means, such as
the Web, e-mail, file sharing and instant messaging, ISS wrote.
Worms such as Code Red and Nimda are leading examples of hybrid
threats, though there have since been others.
"Internet risk will continue to increase as long as fundamental
Internet risk factors are not lessened in some way," ISS wrote.
"Attacks are now global in scope and round the clock in
incidence."
The company compiled its data from more than 350 high-volume
intrusion detection sensors it manages around the world.
One major risk factor that will be difficult to address is the way
the majority of attacks are being perpetrated. Almost 70% of
attacks in the first quarter of 2002 were launched on server port
80, the same port that carries Web traffic, ISS said. This poses a
particular problem because curtailing access to port 80 would also
hit Web traffic, the company wrote.
However, companies can take steps to reduce their vulnerability
to attacks on port 80, including turning off unused services, such
as Web server software on a file server, ISS wrote.
"Since almost 70% of malicious activity occurs as a result of entry
through port 80, it is obvious and imperative that firewalls should
be augmented with additional intrusion and defense technology,
since firewalls cannot prevent this form of unauthorised access in
their own right," the company wrote.
"There's no such thing as low threat [level] on the Internet," said
Dennis Treece, director of the X-Force Special Operations Group at
ISS. "If you're going to connect to it, you better have a suit of
armour."
The volume of attacks against port 80 is "troubling because it's
the wide-open door", Treece added. Many businesses that lack IT
expertise have seen firewalls as silver bullets in the past because
of their ability to block traffic, but as most firewalls allow
connections on port 80, this data shows that firewalls are being
marginalised, he said.
The Nimda worm, which infected hundreds of thousands of computers
in September 2001, is still widespread on the Internet, ISS wrote,
despite there being a patch available from Microsoft to block it.
Nimda is "a dominant, expensive and enduring threat", ISS
concluded.
Despite multiple warnings on the potential for cyber terrorist
attacks after 11 September, ISS did not see any indications of such
attacks.
"The events of 11 September had no apparent effect on malicious
Internet activity, but interest in security was up. So far, there
have been no cyber attacks that we can relate directly to the
physical attacks of 11 September," the company wrote.
ISS also counted 537 new security vulnerabilities in software for
the quarter. Security vulnerabilities, and slowness to apply
patches to fix those holes, have resulted in a number of serious
security incidents, including the Code Red and Nimda worms.
"The software community, including developers, vendors and users,
is beginning to raise the profile of security within the
development process. Improvements, however, will take time," ISS
said. "As a result, the medium and long-term risk assessment for
the Internet remains significantly less than optimistic, with
hybrid threats continuing as the most dangerous form of attack."