Hack attacks will only get worse

Hack attacks will only get worse

If you thought computer security was bad in 2001, you're not going to enjoy 2002. That was the message from SecurityFocus co-founder and CEO Arthur Wong in a presentation he gave at the RSA Conference 2002 last month.

The 11th annual RSA Conference drew over 10,000 attendees to discover details about new security products, as well as hear speeches about topics such as cyber-terrorism and cryptography, to say nothing of a couple of early morning songs from the rock band Cheap Trick. Wong's message to attendees, however, was considerably more sobering.

Despite such major security incidents as the Code Red and Nimda worms, "2001 wasn't as bad as it could have been".

In 2001, about 30 new software vulnerabilities were discovered each week, Wong said, marking a decrease in a trend that had seen the number of new vulnerabilities doubling every year for much of the late 90s. Wong expects that 2002 will bring a return to the old growth rates, predicting that 50 new software security holes will be found each week in the coming year.

Along with forward-looking figures, Wong also provided a glimpse into the raw number of attacks that companies faced in 2001. Wong's company, SecurityFocus, sells a security threat analysis and warning service, which draws its data from the intrusion-detection systems of about 10,000 companies in 150 countries on six continents. From those companies, Wong was able to present some interesting data.

In 2001, SecurityFocus customers experienced a total of more than 129 million network probes, often a precursor to a network attack. They also faced more than 29 million Web-based attacks, over 6 million denial-of-service attacks and about 154,000 Windows-specific attacks, he said.

The company's data also showed that, unsurprisingly, Windows in all its versions is attacked more than any other operating system, with over 31 million security incidents in 2001. On the Web server front, Microsoft was again the most popular target. Microsoft's IIS (Internet Information Services), the software that was exploited to spread Code Red and Nimda, was attacked over 17 million times, Wong said. SecurityFocus customers running the open-source Web server Apache were attacked only 12,000 times, he said.

Products most targeted by hackers in 2001

Operating systems

Microsoft Windows: 31 million incidents.

Unix (all versions): 22 million incidents.

Cisco Systems IOS: 7 million incidents.

Web servers

Microsoft (IIS): 17 million incidents.

Apache (open source): 12,000 incidents.

Source: SecurityFocus.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


ARN Innovation Awards 2022

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

EDGE 2022

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.

Brand Post

Show Comments