Internet attacks up 28% in 2002

Cyberattacks on companies rose 28% during the first half of 2002, according to a new report released by security services company...

Cyberattacks on companies rose 28% during the first half of 2002, according to a new report released by security services company Riptech.

The Riptech Internet Security Threat Report tracked security data from the firewalls and intrusion detection systems of over 400 companies in over 30 countries from 1 January to 30 June. Seventy-four percent of the companies in the study had fewer than 1,000 employees, with 14% employing more than 5,000 workers.

The companies that were monitored experienced an average of 32 attacks per week in the period, up from 25 in the previous period, according to the company.

The seventh annual Computer Crime and Security Survey conducted by the Computer Security Institute and the US Federal Bureau of Investigation last year found that 90% of responding companies had faced a cyberattack in 2001.

Companies involved in critical infrastructure work, such as power and energy companies, were bigger targets for attackers, with 70% of such companies undergoing a severe attack in the six-month period, up from 57% facing such a threat in 2001, Riptech said. Overall, public companies were nearly twice as prone to attack as private companies, non-profit groups and government agencies, the study found.

"Virtually all statistics indicate that Internet attack activity remains intense, pervasive and potentially severe," the study said.

Despite that severity, Riptech found that the range of attacks used was fairly narrow. Ninety-nine percent of attacks focused on just 20 services, including HTTP, FTP and Telnet.

"Unprotected organisations do face a significant potential of risk," said Elad Yoran, executive vice-president and co-founder of Riptech.

However, Riptech also found that "companies may be achieving some level of success in defending against Internet attacks", with the number of companies suffering severe attacks over the last six months down by nearly half - to 23%.

In order to better protect themselves, companies should combine the use of security hardware, such as firewalls and intrusion detection systems, with realtime security monitoring, a service Riptech offers, Yoran said. Other companies, such as TruSecure, SecurityFocus and Counterpane Internet Security also offer monitoring services.

Companies also need to devote more time to training their employees about good computer security, he added.

Additionally, data collected by Riptech found that little attack traffic is being sent from countries listed by the US State Department as supporters of terrorism or cyberterrorism. Less than 1% of the total attack traffic seen over the period came from countries on the State's cyberterrorism watch list, the company said. These included Iran, Pakistan, Egypt, Indonesia and Kuwait.

Countries identified by the US government as supporters of terrorism - Iraq, Syria, North Korea and Libya - were not found to be the source of any attacks for the first half of the year, though that could be due to different attack techniques and an inability to get data on such attacks, the company said.

"We've not seen any credible evidence of cyberterrorism taking place from those countries," Yoran said. This does not mean that attacks are not originating with these countries, however, as attackers inside those countries could be taking over PCs elsewhere and using those systems for attack, he said.

Despite the lack of current evidence, "we do believe there is a credible threat of cyberterrorism," he said.

Read more on IT risk management