Internet Security Systems: Internet Risk Impact Summary Report
Internet Security Systems, Inc. (ISS) (Nasdaq: ISSX), today released its Internet Risk Impact Summary Report (IRIS) for the first quarter of 2003, which reveals a 36.6 percent increase in the number of security incidents and confirmed attacks from the prior fourth quarter of 2002. The increase in security incidents was coupled with a tremendous jump in overall security events, equaling ten times the amount of events in the fourth quarter of 2002. This spike in security events, typically in the form of suspicious activities like automatic probing and scanning for vulnerabilities in computer systems, directly correlates to a major increase in the number of new worms and hybrid threats tracked in the first quarter of 2003, which totaled 752 compared to 101 in the fourth quarter of 2002.
“The large increase in mass mailing, highly persistent worms and security events indicates that this year will be challenging for security officers and administrators around the world. These levels are consistent with our forecasts that show a steady amount of malicious activity on the Internet throughout 2003,” said Chris Rouland, director of Internet Security Systems’ X-Force™ security research and knowledge services organization. “Hackers, criminals and hactivists continue to disrupt services, commit online theft, and cause outages across the Internet by exploiting unprotected computers, especially by focusing their activities on critical and widely-deployed systems and infrastructure.”
Internet Security Systems’ IRIS is the only quarterly report to provide cyber attack trends based on factors such as the industry’s largest number of monitored security devices, actual attacks detected and researched vulnerabilities.
Highlights and Report Findings:
- Security Events: 26 percent of security events occurred over weekends in the first quarter of 2003 as compared to 23 percent in the fourth quarter. Friday showed the highest rate of security events throughout the quarter, registering an average 2,301,777. The Slammer worm discovered by ISS X-Force began its propagation on Saturday, January 25th.
The top two attack categories for security events include suspicious activity accounting for 73.5 percent of total events, and unauthorized access attempts at 11 percent.
After tracking 20 industry sectors targeted by attacks in the first quarter, the following major industries ranked in the following order of most to least attacked. Retail - 35 percent^; Financial Services - 11.5 percent^; Healthcare - 9 percent^; Manufacturing - 9 percent^; Federal and Local Government 1 - percent.
- Vulnerabilities: ISS added 606 new vulnerabilities to the X-Force database, a decrease compared to Q4 2002 when 644 new vulnerabilities where added.
The vulnerabilities for Q1 2003 were classified into the following risk levels: 156 High, 341 Medium and 109 Low. High security issues are those that allow immediate remote or local access, or immediate execution of code or commands with unauthorized privileges.
- Worms and Hybrid Threats: The number of threats outpaced vulnerabilities discovered 752 to 606 in Q1 2003. This statistic reveals a new security trend, which demonstrates that exploit development from the hacking underground is catching up with security research. This trend was observed with the recent X-Force alert on March 17th, documenting a vulnerability within the WebDAV component of Microsoft IIS Web server. Experts often describe this condition as “zero-day” attacks, or attacks against software vulnerabilities not yet known by software vendors.
- AlertCon™ Risk Levels: During the first quarter of 2003, ISS observed 67 days at AlertCon 1, 19 days at AlertCon 2, and 3 days at AlertCon 3 and 1 day at AlertCon 4, which is dedicated for the most severe attacks.
The X-Force changed to AlertCon 3 and 4 during the propagation of the Slammer worm and also observed AlertCon 3 during the disclosure of a vulnerability it discovered in the Sendmail mail transfer agent, and the subsequent exploit published by a third party on a popular online security forum.
Cybercrime News Archive