- The Washington Times - Monday, July 8, 2002

About 70 percent of all power and energy companies worldwide were hit by at least one severe Internet attack in the past six months an increase of 13 percent over the previous six months, according to a report released today.
The Internet Security Threat Report, written by Riptech Inc., an Alexandria-based Internet-security firm, said some of the attacks originated in countries on the Department of Homeland Security's Cyber-terrorism Watch List, but it was not clear whether crucial services here or abroad were being targeted by terrorist groups.
More attacks originated in the United States than anywhere else. Overall, about 80 percent of all attacks, including those not labeled as severe, came from 10 nations in North America, Western Europe and the Far East.
The report indicated that some smaller nations with a low number of per capita Internet users including those on the watch list were carrying out a significant number of Internet attacks.
About 51 attacks per 10,000 Internet users originated in Kuwait, and about 30 attacks per 10,000 users originated in Iran. But overall, attacks originating in countries on the watch list were less than 1 percent of the total attacks.
The average company received between three and seven attacks per month from watch-list nations. But Elad Yoran, executive vice president of Riptech and co-author of the report, did not discount the possibility that terrorist groups were beginning to use the Internet as a weapon.
"It's a little premature to reach that conclusion, but there are several observations that point in that direction," he said.
Riptech's report was derived from more than 400 companies in 30 countries. The company analyzed more than 1 million possible attacks and 180,000 confirmed attacks.
About 96 percent of all attacks were considered nonsevere, or nothing more than nuisances. An attack is considered severe if it requires some sort of action or intervention by the victim or security company assigned to protect the attacked system.
The overall number of attacks increased 28 percent during the past six months, and observers said hackers are becoming more aggressive and potentially more damaging.
"There has been a rise in the amount of aggressive attacks over time, and they are more likely to result in a compromise," Mr. Yoran said.
Overall, however, Riptech said the number of companies receiving severe attacks during the past six months decreased by nearly half, thanks to improved security measures.
The report indicated that most attacks come from viruses or worms, which are programs written by hackers to scan and exploit vulnerabilities in software. The vast majority of these viruses or worms do nothing more than scan company computer systems before being stopped by basic security measures such as firewalls. There were no reports in the past six months of security breaches considered serious enough to disrupt power or energy services.
Severe attacks were twice as likely to hit public companies than nonprofit groups or government agencies. High-tech firms, power and energy companies and financial-service companies received more Internet attacks than all nonprofits combined.
"Public companies tend to be more visible, and that doesn't help them," Mr. Yoran said.
Larger companies were attacked the most. Firms with more than 1,000 employees got hit 40 percent more often than companies with less than 1,000 employees.
The increase in overall attacks in the past six months has come despite the lack of any new big threats, such as the Nimda or Code Red worms that emerged in the summer and fall of last year and caused more than $2 billion in clean-up expense and lost productivity.
A worm called SQL Spida appeared in May, but it was merely a nuisance to most firms. Code Red and Nimda, which are still active, have done little damage this year because companies have installed the necessary security patches. Overall, less than 1 percent of companies received severe attacks from these three worms this year.
Mr. Yoran did not rule out the possibility of a new worm emerging this year.
"Because we haven't seen one in the last six months does not mean we won't see one," he said.

Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times is switching its third-party commenting system from Disqus to Spot.IM. You will need to either create an account with Spot.im or if you wish to use your Disqus account look under the Conversation for the link "Have a Disqus Account?". Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide