Monday, March 13, 2006 

Internet Security Facts

Antivirus firm McAfee claims there are more than 58,000 virus threats currently in existence, and the antivirus company Symantec estimates that ten to 15 new viruses are discovered each day.

Code Red II, the self-propagating Internet worm, is slowly working its way around the United States, causing sporadic outages and running up an immense tab in its wake. The economic cost of the original Code Red worm and its more malicious cousin, Code Red II, has risen to more than $2 billion, according to the research company Computer Economics. The Carlsbad, a California based firm, which keeps a tally of the projected damage caused by computer viruses, told NewsFactor Network that the cost is mushrooming by about $200 million per day. Recently, total damage was estimated to be about $1.2 billion. The worms multiply by scanning for other vulnerable systems. After identifying a target server, the virus runs a program that causes a file on the server to crash.

"The worm creates traffic inside a subnet, creating traffic in addition to what comes in from the outside," director of research for the SANS Institute Alan Paller told NewsFactor. "The additional traffic clogs the bandwidth, slowing everything down--or in some instances, actually forcing the operator to shut down."

Spam ranks as the number two problem for ISPs. 33.7 percent of ISPs have had spam-induced outages. 75.9 percent of ISPs say spam increases their operating costs.

Infrastructure security is now the number one concern keeping CIOs awake at night, according to new survey data released by New York IT search firm John J. Davis & Associates. Three years ago, security issues barely registered on their priority lists, but today, more than 90 percent of the 228 senior IT executives interviewed said improving the security and integrity of systems and databases is their most pressing need, even superseding the need to bring IT projects in on time and within budget. In 1997, only 57 percent cited security as a top priority.

“The growth of Internet and e-commerce initiatives has sparked a new focus on security issues,” said John Davis. “Hackers and viruses still abound, and have brought security to the top of CIOs’ lists of concerns, according to our latest opinion data.”

In 2000, a survey of 300 firms showed that all but one acknowledged being hit by a major virus this year -- even though 70 percent of desktops, 91 percent of servers, 45 percent of firewalls and proxies, and 80 percent of email gateways were running anti-virus products (International Computer Security Association (ICSA)).

130 million US workers send 2.8 billion email messages a day. 50 percent of employees report receiving racist, sexist, pornographic, or otherwise inappropriate email at work. 27 percent of Fortune 500 companies have defended themselves against claims of sexual harassment stemming from inappropriate email (Nancy Flynn 'The E-Commerce Handbook').

Companies admit that their information systems are under siege. A recent report revealed that 47 percent of 563 U.S. organizations surveyed has been attacked through the Internet, up 37 percent from 1996. While 43 percent of respondents reported attacks from within, 47 percent said they experienced external attacks (Computer Security Institute; FBI).

With a 323 percent rise over the last year, intellectual property theft is now costing corporate America an estimated $24 billion annually. Some 74 percent of these security breaches come from the inside (American Society for Industrial Security).

In the largest criminal Internet attack to date, a group of Eastern European hackers have spent a year systematically exploiting known Windows NT vulnerabilities to steal customer data. More than 1,000,000 credit cards have been taken and more than 40 sites have been victimized.
More than 40 victims located in 20 states have been identified and notified in ongoing investigations in 14 Federal Bureau of Investigation Field Offices and seven United States Secret Service Field Offices.

According to Major General Dave Bryan, there were 25,000 attempted intrusions into defense systems last year. Bryan stated that 245 of those attacks were successful, and that officials found that 96 percent of the successful attacks could have been prevented if users had followed protocols. Publicly released computer security vulnerabilities more than doubled in the last year, with 1,090 separate holes reported in 2000, and 2,437 reported in 2001. Following the same trends, the number of reported incidents also drastically increased with 21,756 documented in 2000 and 52,658 in 2002.

So far in the year 2002, there have been 457 new, reported, operating system (OS) vulnerabilities. The breakout by OS is as follows:

--85 new vulnerabilities in Windows NT/2000
--82 new vulnerabilities total for all of the aggregate Linux variants
--42 on Mandrake Linux
--40 on RedHat Linux
--32 on Windows 3.x/95/98
--20 on Debian
--19 on FreeBSD
--14 on NetBSD
--12 on IRIX and 12 on HP/UX
--6 on AIX

Carnegie Mellon University estimates that 99 percent of all reported intrusions "result through exploitation of known vulnerabilities or configuration errors, [for which] countermeasures were available." This shows directly how important it is to regularly patch systems, and keep current with network and system countermeasures.

In a test to see how fast a non-published, unpatched system would be discovered, the San Diego Supercomputer Center placed a default installation, Red Hat Linux 5.2 machine on the Internet.

Eight hours after installation, the system was probed for RPC vulnerabilities. 21 days after installation, there had been 20 targeted, unsuccessful, exploits attempted. Approximately 40 days after installation, a vulnerable POP service was compromised, and the intruder installed a sniffer, several backdoors, and wiped out the system logs.

InterTech USA diagnoses and eradicates over 2500 viruses per day destined for our hosted email clients alone. In addition, according to our logging and intrusion detection systems, over 300 attempts have been made today on just two of our gateway routers to gain access to our systems, as well as the systems we managed and protect for our clients.

Contact Us Today using our online request form or call us at 1-800-291-6517. Let our expert staff evaluate your business objectives and show you how our unique solutions will benefit you and your customers.

Reprinted under the Fair Use doctrine of international copyright law. Full copyright retained by the original publication. In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes.

Copyright © 2006 InterTech-USA, Inc.