ISS Releases Q2 2002 Internet Risk Impact Summary Report

Internet Security Systems (ISS), a provider of information protection solutions, has released its Internet Risk Impact Summary Report (IRIS) for the second quarter of 2002. Internet Security Systems’ IRIS provides cyber-attack trends based on the industry’s largest number of monitored security devices, actual attacks detected and researched vulnerabilities.

The report includes statistical data and trend analysis derived from network and server-based intrusion detection sensors monitoring major multinational networks around the clock on four continents.

Here’s a summary of the report’s findings:

  • Risk Levels: The average risk level for the second quarter of 2002
    continued to signal that a completely unprotected network device will
    be compromised in less than a day after connecting it to the Internet.
    April and May were relatively normal with only modest additional risk
    noted. June experienced a significant risk increase due to the
    well-publicized vulnerabilities and associated exploits for Apache Web
    server and OpenSSH. The Apache vulnerabilities may lead to modified
    Web content, denial of service, or further compromise. Apache accounts
    for over 63 percent of all active Web sites. A serious vulnerability in the
    default installation of OpenSSH on the OpenBSD operating system
    jeopardizes a secure replacement for protocols such as Telnet, Rlogin,
    Rsh, and FTP by making them vulnerable to a remote, superuser
    compromise.

  • Hybrid Threats: Hybrid threats continue to pose the most significant
    online risk as previously reported. The Nimda worm continued to be the
    dominant, expensive and enduring hybrid threat in spite of a modest
    decrease in Nimda hits per hour as compared to the last reporting
    period. This slight change can be attributed to better clean-up efforts
    and more effective security measures. Most of the ongoing Nimda attacks
    are attributed to infected machines in small businesses and homes.

  • Vulnerabilities: During the quarter, 610 new vulnerabilities were
    uncovered and documented by the X-Force. These vulnerabilities included
    a major common flaw in Microsoft’s SQL Server, which enables attackers
    to cause SQL Server services to fail or allow unauthorized access to
    the system. The most serious vulnerability and exploitation pair during
    this reporting period, though, was in the extremely popular open-source
    Apache Web server application. This vulnerability and exploitation may
    pose one of the most serious risks to Internet connectivity due to its
    ability to allow remote control of an undetermined number of Apache Web
    servers.

  • Destination Ports: Virtually unchanged from the first quarter report,
    nearly 70 percent of all attacks in the second quarter of 2002 used port 80, a
    common port devoted to Web traffic. A significant new port, port 1433,
    showed activity associated with the recently announced SQL worm. Over
    half a million SQL worm events from over 7,500 different sources were
    recorded this quarter, providing a good example of a known weakness being
    exploited by a worm that automatically seeks out a weakness and
    exploits it instantly. Also of note, this reporting period recorded an
    increase in scans targeting networks running port 21 (File Transfer
    Protocol or FTP), which is one of the oldest protocols and one of the
    most commonly exploited services on the Internet.
