Webtrends Tracking Code
 
UK Home >  OUT-LAW News >  News Archive >  2003 >  February 2003 >  Cyber attacks fall but threat remains, says Symantec

Cyber attacks fall but threat remains, says Symantec

OUT-LAW News, 04/02/2003

The rate of electronic attacks on corporate networks fell in the second half of last year, but it is still higher compared to the same period in 2001, said internet security provider Symantec, in its latest global Internet Security Threat Report.

According to Symantec's figures, which encompass the second half of 2002 and are based on data from a sample set in over 400 companies in 30 countries, the rate of network-based attacks was 6% lower than the rate recorded during the prior six-month period.

It is noted, however, that these figures do not include worms, such as the SQL Slammer that almost crippled the internet for two days last month.

On average, there were 30 attacks per company per week, compared to 32 attacks during the first half of the past year. Approximately 85% of this activity was classified as "pre-attack reconnaissance", and the remaining 15% was classified as various forms of "attempted or successful exploitation," according to the report.

The study also found that the number of severe incidents – access attempts aiming to compromise a corporate network's security – declined slightly. Specifically, 21% of companies in the sample reported at least one severe event in the second half of 2002, as compared to 23% in the first half of the same year.

Also, the current severe event rate remains "far below" the rate of 43% which was recorded during the same period in 2001, according to Symantec.

But Symantec said that, despite the decline, average attack rates per company during the second half of 2002 remained 20% higher than the rate recorded during the same six-month period in 2001.

Also, the report claims, the number of new software vulnerabilities exposing corporate networks to malicious incidents has increased by 81.5% over 2001, with the number of severe flaws being 85% higher.

Nevertheless, the relative ease with which attackers could exploit new vulnerabilities remained unchanged in 2002. Symantec attributes the rise in reported vulnerabilities to more responsible disclosure by software makers, and more sophisticated attacks.

The report found that power and energy companies were the most frequent victims. Also, larger companies, measured in terms of employee count, apparently experienced a higher volume and a greater severity of attacks.

According to Symantec, none of the incidents recorded could be attributed to cyber terrorism and fewer than 1% of the attacks originated from countries on the US government's Cyber Terrorist Watch List, which includes countries such as Iran, Pakistan and Indonesia.

In fact, Symantec said, the US is by far the first in the top-ten "attacking countries," accounting for 35.4% of all attacks detected during the second half of 2002.

Second on the list of offenders is South Korea with 12.8%, followed by China (6.9%), Germany (6.7%) and France (4%). The UK is, according to the report, in ninth place, accounting for 2.2% of attacks recorded.

 

OUT-LAW Recommends

Free OUT-LAW seminars
- Making your contract work
- Information security
Six cities, October & November

This week's podcast
Are ISPs about to betray our trust?

Winner at 2008 Webby Awards

OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.