Internet Security Systems (ISS), a provider of information protection solutions, has released its Internet Risk Impact Summary Report (IRIS) for the second quarter of 2002. Internet Security Systems’ IRIS provides cyber-attack trends based on the industry’s largest number of monitored security devices, actual attacks detected and researched vulnerabilities.
The report includes statistical data and trend analysis derived from network and server-based intrusion detection sensors monitoring major multinational networks around-the-clock on four continents.
Here’s a summary of the report’s findings:
continued to signal that a completely unprotected network device will be compromised in less than a day after connecting it to the Internet. April and May were relatively normal with only modest additional risk noted. June experienced a significant risk increase due to the well-publicized vulnerabilities and associated exploits for Apache Web server and OpenSSH. The Apache vulnerabilities may lead to modified Web content, denial of service, or further compromise. Apache accounts for over 63 percent of all active Web sites. A serious vulnerability in the default installation of OpenSSH on the OpenBSD operating system jeopardizes a secure replacement for protocols such as Telnet, Rlogin, Rsh, and FTP by exposing systems that run it to a remote superuser compromise.
online risk as previously reported. The Nimda worm continued to be the dominant, expensive and enduring hybrid threat in spite of a modest decrease in Nimda hits per hour as compared to the last reporting period. This slight change can be attributed to better clean-up efforts and more effective security measures. Most of the ongoing Nimda attacks are attributed to infected machines in small businesses and homes.
uncovered and documented by the X-Force. These vulnerabilities included a major common flaw in Microsoft’s SQL Server, which enables attackers to cause SQL Server services to fail or allow unauthorized access to the system. The most serious vulnerability and exploitation pair during this reporting period, though, was in the extremely popular open-source Apache Web server application. This vulnerability and exploitation may pose one of the most serious risks to Internet connectivity due to its ability to allow remote control of an undetermined number of Apache Web servers.
nearly 70 percent of all attacks in the second quarter of 2002 used port 80, a common port devoted to Web traffic. A significant new port, port 1433, showed activity associated with the recently announced SQL worm. Over half a million SQL worm events from over 7,500 different sources were recorded this quarter, providing a good example of a known weakness being exploited by a worm that automatically seeks out a weakness and exploits it instantly. Also of note, this reporting period recorded an increase in scans targeting networks running services on port 21 (File Transfer Protocol, or FTP), which is one of the oldest protocols and one of the most commonly exploited services on the Internet.