Web-based attacks set to soar

Traditional incidents such as virus and Denial of Service attacks remained at or above previous levels, but automated scripts against common vulnerabilities are now the most significant online risk, said Internet Security Systems.

The threats will continue to increase until fundamental internet risk factors are dealt with, the company said in its Internet Risk Impact Summary Report for the first quarter of 2002.

‘Attacks are now global in scope and round-the-clock in incidence,’ said ISS.

The company compiled the data from more than 350 high-volume intrusion detection sensors managed by ISS around the world. During the quarter, more than 537 new vulnerabilities were uncovered and documented.

Two major vulnerabilities included significant flaws in the PHP scripting language, most commonly used in Apache web servers, and multiple vulnerabilities in Simple Network Management Protocol v1.

Nearly 70% of all attacks in the first quarter of 2002 used port 80, a common port devoted to web traffic. ISS said companies can reduce this risk by turning off unused services, such as web server software on a file server.

According to ISS, the events of 11 September had no apparent effect on malicious internet activity, although interest in security was increased.

Related reading

HMRC banknotes