DAILY NEWS AND INFORMATION
FOR THE GLOBAL GRID COMMUNITY / JULY 21, 2003; VOL. 2 NO. 29
Breaking News -
Security:
ISS' X-Force Releases Internet Risk Impact Summary Report
Internet Security Systems Inc (ISS) has released its Internet Risk Impact
Summary Report (IRIS) for the second quarter of 2003, which reveals that the
number of serious security incidents increased by 13.7 percent from the first
quarter. While low-level hacking activity decreased slightly, ISS X-Force
researchers attribute the increase in confirmed security incidents to a larger
number of threats that take advantage of known vulnerabilities. Over the past
two quarters, the gap between methods of attack, known as threats, and
vulnerabilities in software and systems has narrowed. Hacking activity takes
advantage of this narrowed gap, using older threats and techniques that are
widely known by hackers, but not patched by IT departments and thus still open
to attack.
"Historically, the number of vulnerabilities has outpaced threats. The
increase in threats is overwhelming companies that cannot keep up with the
demands of patching systems," said Chris Rouland, vice president of Internet
Security Systems' X-Force security intelligence team. "The challenge most
companies must deal with is discovering and protecting the most critical risks
within their organizations. As a long-term goal, they need to minimize
vulnerabilities, as hackers will try to attack less-protected systems and
emerging platforms."
Internet Security Systems' IRIS is the only quarterly report to provide cyber
attack trends based on factors such as the industry's largest number of
monitored security devices, actual attacks detected and researched
vulnerabilities.
Highlights and Report Findings:
- Security Trends: The X-Force expects an increasing risk from attackers
targeting emerging Internet communities, especially users that make use of
broadband access from a home office, wireless technologies, and file sharing
and messaging applications. This increased risk is also a result of corporate
laptops and workstations being used outside the organization on home-based
broadband networks.
HTTP, SNMP In, SMTP, and FTP are ports targeted and used often by attackers.
While FTP and HTTP are still among the top-ten attack destinations, attacks
have decreased on these ports by an average of 46 percent and 96 percent over
the last six quarters. This is likely due to patching of vulnerable code-bases
and better protection of the FTP and HTTP ports in particular.
- Security Events: 24.5 percent of security events occurred over weekends in
the second quarter of 2003. Wednesday showed the highest rate of security
events, registering an average of 1,809,222.
After tracking 20 industry sectors targeted by attacks in the second quarter,
the following major industries ranked in the following order of most to least
attacked: Services - 24.23 percent; Financial & Insurance Services - 19.43
percent; Retail - 15.69 percent; Manufacturing - 10.6 percent; Federal, State
and Local Government - 7.56 percent; Food & Drug - 5.16 percent; Information
Technology - 4.26 percent; Healthcare - 2.86 percent.
- Vulnerabilities: ISS added 727 new vulnerabilities to the X-Force
database, a 20 percent increase compared to Q1 2003 when 606 new
vulnerabilities were added.
The vulnerabilities for Q2 2003 were classified into the following risk
levels: 209 High, 377 Medium and 141 Low. High security issues are those that
allow immediate remote or local access, or immediate execution of code or
commands with unauthorized privileges.
- Worms and Hybrid Threats: The gap narrowed between vulnerabilities and
threats for the second consecutive quarter:
- 654 threats were identified in Q2 2003 compared to 727 vulnerabilities
in Q2 2003
- 752 threats were identified in Q1 2003 compared to 606 vulnerabilities
in Q1 2003
- Historically, from Q1 through Q4 2002: 494 threats compared to 2,374
vulnerabilities
- AlertCon Risk Levels: During the second quarter of 2003, ISS observed 83
days at AlertCon 1, 8 days at AlertCon 2, and 0 days at AlertCon 3 and 0 days
at AlertCon 4, which is reserved for the most severe attacks.
Investigation of an exploit for the Sendmail Email Processing Vulnerability
resulted in four days at AlertCon 2. In addition, the acceleration of
Bugbear.B worm's infection rate in the first 24 hours of propagation raised
the threat to AlertCon 2 for four days.
The X-Force Daily AlertCon, a measure of current and forecasted Internet
threats, is available on the ISS Web site at www.iss.net. Determined
by the X-Force, the AlertCon level (1-4) provides a real-time indication of
the Internet threat environment. The daily AlertCon level helps customers
quickly determine the prevailing Internet threat condition and review critical
security details.
The complete Q2 2003 Internet Risk Impact Summary Report is available for free
download on Internet Security Systems' Web site at gtoc.iss.net/. For
more information on the latest security protection including response
strategies to hybrid threats, ISS white papers are available online at
www.iss.net/support/documentation/otherwhitepapers.php.
X-Force Internet Risk Impact Summary Report Methodology
Developed by the X-Force, Internet Security Systems' world-leading security
intelligence organization, each IRIS report includes statistical data and
trend analysis derived from examining more than 400 network and server-based
intrusion detection sensors. This data was gathered on a 24/7 basis from April
1 to June 30, 2003. This international sample is drawn from four continents
and represents all major industries including banking/insurance,
telecommunications, manufacturing/retail/food, entertainment, healthcare,
government, utilities, transportation/aviation, and information technology. In
operation since 2001, Internet Security Systems' X-Force Global Threat
Operations Center (GTOC) based in Atlanta analyzes the security data for this
report gathered from ISS' five security operations centers (SOCs) located
around the world. The IRIS report also includes X-Force laboratory research,
and industry information gathered from interaction with top government,
industry, and academic sources to detail the most accurate and holistic
Internet threat assessment in the industry.