Group: Attacks Spike in September
- By Scott Bekker
An independent security vendor based in London, mi2g, says September was the third consecutive record-setting month for what it calls "overt digital attacks."
By the numbers: mi2g logged 9,011 attacks in September, compared with 5,830 in August and 4,904 in July. Coinciding with the September spike is an explosion in attacks on Windows-based systems -- the 5,854 attacks on Windows systems alone surpasses the previous record for attacks on all operating systems in one month.
D.K. Matai, chairman and CEO of mi2g, takes the news as evidence that the traditional relegation of patching to the weekend when reboots could be tolerated is becoming a major liability. "When there are tens of thousands of machines across an organization including servers and desktops it is difficult to manage reboot-patch-reboot regimes on a near daily basis," Matai said in a statement. "Invariably some mission critical machines don't get patched in time despite the best will to do so. Those are perfect doorways for hackers and they are being exploited ruthlessly."
A PDF chart on the mi2g Web site graphing attack volumes from 1999 to 2002 shows an enormous spike in the second half of 2002. Mi2g offers what it calls a conservative projection that by the end of 2002 digital attacks will have numbered 55,000. That compares with 31,322 in 2001, 7,821 in 2000, 4,197 in 1999 and 269 in 1998. The chart is available here:
Part of the reason for the spike in Windows system attacks is an increase in politically motivated hacking of U.S. government targets, which run the Microsoft operating system, according to mi2g. The number of attacks against U.S. government systems doubled between August and September, the group says. The mi2g attribute much of this activity to groups with anti-United States, anti-Israel and anti-India views.
The security organization defines overt digital attacks as incidents when a hacker group has gained unauthorized access to an online system and has modified publicly visible components while executing data attacks or command and control attacks. The statistics do not include attacks that only the attacker and victim are aware of, let alone attacks the victim organization is unaware of.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.