While Cyber Attacks Are Down, New Threats Emerge

According to Symantec Corp.'s Internet Security Threat Report, not including viruses and worm-like malware, cyberattacks were down 6% for the second half of 2002. But finance companies and utilities continue to get the most pounding from attackers.

According to the report, issued Monday, companies were attacked an average of 30 times per week between June and December of last year; compared with 32 times per week in the first six months of the year. The vast majority of these attacks, 85%, was actually scans searching for potential vulnerabilities; the remaining 15% constituted attempted or successful attacks.

The most startling trend from the report was the number of new software vulnerabilities discovered-nearly 50 a week, an 81.5% jump over such discovered software vulnerabilities 2001. According to Symantec, the rise was driven almost exclusively by vulnerabilities the security firm considers severe.

The Slammer worm that struck on Jan. 25 attacked against one such severe software vulnerability. And according to a new study (available at http://www.caida.org/analysis/security/sapphire/) by the Cooperative Association for Internet Data Analysis, the Slammer, or Sapphire worm as it's also called, was the fastest- spreading worm in Internet history. It infected 90% of vulnerable systems within 10 minutes of its arrival on the Internet and doubled the number of infected hosts every 8.5 seconds.

As Slammer began spreading throughout the Internet, it doubled in size every 8.5 seconds and infected more than 90% of vulnerable hosts within 10 minutes. While Slammer spread faster than Code Red, it infected 75,000 systems, compared with the nearly 360,000 systems Code Red infected on July 19, 2001, in about 14 hours. According to CAIDA, at the height of its strength, Code Red infected 2,000 new systems each minute.

Code Red managed to infect more systems than Slammer, experts say, because there were more vulnerable Microsoft Internet Information Services (which Code Red used a vulnerability to infect target systems) exposed to the Internet than vulnerable Microsoft SQL Server and MSDE 2000 systems for Slammer to infect.

Chief information security officers worry that worse attacks are coming. "This thing was only 376 bytes and look at what it did," says Lloyd Hession, chief information security officer with financial network provider Radianz. "Imagine if it had a destructive payload. It could have been a lot worse."