From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Thu, 31 Jan 2002 17:36:29 -0800 (PST)
Subject: [iwar] [fc:Internet.threat.serious.and.growing,.report.claims]

Internet threat serious and growing, report claims
By Edmund X. DeJesus, Security Wire Digest, 1/31/02
<http://www.riptech.com/securityresources/form9.html>

The Internet is a rough neighborhood--and it's getting rougher, according to a report released last week by Riptech. Analysts of the Alexandria, Va.-based MSSP plowed through 5.5 billion logs from firewalls and IDSes and verified 128,678 external attacks on over 300 client organizations.

"Previous studies relied on unreliable self-reported surveys or comparisons of organizations with different setups," says Tim Belcher, Riptech's CTO and primary author of the report. "We want to present empirical data, not speculation. The industry has too few facts and too many opinions."

The organizations included private companies (72 percent), public companies (17 percent), non-profit organizations (7 percent) and government agencies (4 percent) in 25 countries. Collectively, they represent a million Internet-connected hosts.

The period of study--the last half of 2001--was dominated by the Nimda and Code Red worms, which caused 63 percent of all attacks. Eliminating those two attacks produces suggestive statistical nuggets, including:

--Average attacks per company increased by 79 percent.
--Forty-three percent of companies had at least one potentially crippling attack.
--Thirty-nine percent of attacks were deliberately targeted at specific companies or systems.
--Public companies experienced double the number of attacks of private companies and non-profit organizations.

The most-targeted industries were high tech (961 attacks), financial services (895), power and energy (725), and media/entertainment (706). Power and energy companies endured the highest percentage of severe attacks: 13 percent.

Other highlights:

--Organizations with fewer than 500 employees suffered fewer attacks.
--Six of the top 10 types of attacks were specific to Microsoft Windows.
--Attack intensity rose steeply following the Sept. 11 terrorist attacks.

Riptech identified the United States as the biggest source of attacks (30 percent), followed by South Korea (9 percent) and China (8 percent). But when basing the results on number of attacks per Internet user, Israel was the largest source (26 percent).

Critics question the report's assessment of other studies; the size of the group surveyed; the definition of attack intent and intensity; and other issues. Future versions of the report may include companies that are sources of attacks, as well as OSes being targeted.

Lessons for CIOs are easy to discern:

--External attacks via the Internet are real and growing threats.
--Organizations are facing more--and more severe--attacks, depending on size, prominence, industry and public/private status.
--Windows systems are significant targets.
--Patches should be applied and all recommendations to secure your site followed.

The most telling point: These organizations have already engaged third-party experts to fortify their defenses, and they're still getting hit.

------------------
http://all.net/
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST