Information Security News mailing list archives

'Relentless' pace of hack attacks


From: InfoSec News <isn () c4i org>
Date: Wed, 24 Sep 2003 00:33:35 -0500 (CDT)

http://news.bbc.co.uk/1/hi/technology/3131512.stm

23 September, 2003

The huge number of day-to-day attacks that websites suffer has been 
revealed with the aid of two fake banking sites.

Over an eight-week period the two dummy websites, one with a firewall
and one without, suffered thousands of attacks. 

On average the unprotected website was attacked more than 2,000 times 
per week and the protected site more than 200 times. 

Many of the attacks were rated as "high risk" and, if the websites 
were real, could have seen data destroyed or important customer 
information stolen. 

Constant barrage 

The two dummy sites were set up by net provider PSINet and security 
firm PanSec International to demonstrate the relentlessness of online 
malicious hack attacks. 

The fake websites were made to look like they were operated by 
European banks. One was protected with a standard firewall but the 
other was left almost defenceless. 

Over the eight weeks that the sites were left online, the unprotected 
website was attacked a total of 19,128 times, roughly once every four 
minutes. 

The protected website fared better but was attacked 1,672 times, 
almost once every hour. 

More than a third of the attacks on the protected website were so 
severe that they crashed the site and could have resulted in the loss 
of data. 

Open door 

Neil Downing, a spokesman for PSINet, said that although a firewall 
can stop 90% of attacks, firms should not think that simply installing 
one is all the protection they need. 

"Surprisingly more than 50% of our customers do not have even the most 
basic of firewalls in place and that is a very conservative estimate," 
he said. 

"This is comparable to an individual not having a lock on their front 
door - in other words it's the most basic first line of defence." 

Mr Downing said firms needed to be vigilant to ensure that they are 
doing enough to keep malicious hackers and computer vandals at bay. 

Jeremy Brown, chief executive of PanSec, said many firms were more 
complacent about security than they should be. 

"They tend to think that if they have not been compromised then that 
means their security is adequate," he said. 



-
ISN is currently hosted by Attrition.org
