February 3, 2003 12:05 PM PST
Report: Net attacks on businesses down
Attempts to compromise such networks dropped by 6 percent on average between the first half of 2002 and the latter half, said security company Symantec in its biannual Incident Security Threat Report.
Moreover, none of the incidents could be attributed to cyberterrorism, and incursions coming from countries on the U.S. government's Cyber Terrorist Watch List--which includes countries such as Iran, Indonesia and Pakistan--accounted for only 1 percent of all incidents, according to the report.
"This is the first time that we've seen a drop in the number of attacks," said Arthur Wong, vice president of Symantec's security response team.
Released every six months, the Incident Security Threat Report collects data on network probes and attacks from more than 400 companies that share incident information with the Cupertino, Calif.-based security company. The report was previously published by managed security provider Riptech, now a subsidiary of Symantec.
The study also found that the number of severe incidents--defined as access attempts that threaten to breach a network's security, rather than vandalize a site, for example--had decreased, dropping to 21 percent in the latter half of last year, compared with 23 percent in the first half.
Not all the news is good.
The number of vulnerabilities found in software in 2002 jumped 82 percent over the previous year, and the number of severe flaws found was 85 percent higher. Because the number of vulnerabilities skyrocketed, the absolute number of exploit programs--code created to take advantage of the flaw--increased. But the percentage of vulnerabilities for which hackers had created exploit programs dropped to 24 percent last year from 30 percent the year before, stated the report.
The reason: Experienced hackers and security coders couldn't keep up with the increase in vulnerabilities, said Wong. "I have seen nothing that shows that people don't want to create and use exploit code," he said.
Targeted attacks resulting from the use of such exploit code aren't all that common. Worms, which typically are more random, account for three-quarters of all the incidents detected, stated the report. Of the remaining quarter, more than 85 percent were probes from potential attackers that were intended to assess security. The remaining 15 percent--or 4 percent of all incidents--were likely caused by online attackers trying to access a computer or a network.
And while cyberterrorism has been ruled out, infrastructure companies--mainly financial services and power companies--were found to be the most likely to be attacked. Almost 60 percent of all power companies were likely to have a serious incident during the six-month period studied, while financial services companies came in second with a 48 percent probability.
Wong underscored that the incidents didn't seem to be related to any terrorist acts, however.
"We haven't been able to link anything back to cyberterrorism," he said. "(These companies) just have more Internet infrastructure, and with more dispersed attacks, a greater number (of attacks) hits those companies' networks."