Internet Risk Impact Summary Report for Q2 2003

Security Incidents Increase 13.7 Percent As Margin Closes Between Number of Threats and Vulnerabilities ~

On July 14, Internet Security Systems released its Internet Risk Impact Summary Report (IRIS) for the second quarter of 2003, which reveals that the number of serious security incidents increased by 13.7 percent from the first quarter. While low-level hacking activity decreased slightly, ISS X-Forceâ„? researchers attribute the increase in confirmed security incidents to a larger number of threats that take advantage of known vulnerabilities. Over the past two quarters, the gap between methods of attack, known as threats, and vulnerabilities in software and systems has narrowed. Hacking activity takes advantage of this narrowed gap, using older threats and techniques that are widely known by hackers, but not patched by IT departments and thus still open to attack.

Highlights and Report Findings:

The X-Force expects an increasing risk from attackers targeting emerging Internet communities, especially users that make use of broadband access from a home office, wireless technologies, and file sharing and messaging applications. This increased risk is also a result of corporate laptops and workstations being used outside the organization on home-based broadband networks.

HTTP, SNMP In, SMTP, and FTP are ports targeted and used often by attackers. While FTP and HTTP are still among the top-ten attack destinations, attacks have decreased on these ports by an average of 46 percent and 96 percent over the last six quarters. This is likely due to patching of vulnerable code-bases and better protection of the FTP and HTTP ports in particular.

24.5 percent of security events occurred over weekends in the second quarter of 2003. Wednesday showed the highest rate of security events, registering an average of 1,809,222.

After tracking 20 industry sectors targeted by attacks in the second quarter, the following major industries ranked in the following order of most to least attacked.

– Services – 24.23 percent
– Financial & Insurance Services – 19.43 percent
– Retail – 15.69 percent
– Manufacturing -10.6 percent
– Federal, State and Local Government – 7.56 percent
– Food & Drug – 5.16 percent
– Information Technology – 4.26 percent
– Healthcare – 2.86 percent.

ISS added 727 new vulnerabilities to the X-Force database, a 20 percent increase compared to Q1 2003 when 606 new vulnerabilities where added.

The vulnerabilities for Q2 2003 were classified into the following risk levels: 209 High, 377 Medium and 141 Low. High security issues are those that allow immediate remote or local access, or immediate execution of code or commands with unauthorized privileges.

The gap narrowed between vulnerabilities and threats for the second consecutive quarter:

– 654 threats were identified in Q2 2003 compared to 727 vulnerabilities in Q2 2003
– 752 threats were identified in Q1 2003 compared to 606 vulnerabilities in Q1 2003
– Historically, from Q1 through Q4 2002: 494 threats compared to 2,374 vulnerabilities
– During the second quarter of 2003, ISS observed 83 days at AlertCon 1, 8 days at AlertCon 2, and 0 days at AlertCon 3 and 0 days at AlertCon 4, which is reserved for the most severe attacks.

Investigation of an exploit for the Sendmail Email Processing Vulnerability resulted in four days at AlertCon 2. In addition, the acceleration of Bugbear.B worm’s infection rate in the first 24 hours of propagation raised the threat to AlertCon 2 for four days.

More Information:

The complete Q2 2003 Internet Risk Impact Summary Report is available for free download on Internet Security Systems’ Web site at https://gtoc.iss.net/ (see right-side margin).

The X-Force Daily AlertCon, a measure of current and forecasted Internet threats, is available on the ISS Web site at http://xforce.iss.net/.