Linux and open source attacks soar
by James Middleton, © 1995-2002 VNU Business Publications
Ltd. All rights reserved
Friday, 12th July 2002 - Windows hacking figures fall. Attacks on
Linux and open source systems are set to more than double this year and may
even eclipse the number of hostile attempts made on Windows systems in the
future. The latest figures compiled by the intelligence unit at analyst mi2g
have shown a significant rise in the number of attacks on Linux-based open
source third-party web applications.
In the first six months of this year 7,630 overt attacks have taken place
on Linux boxes. The total number of attacks last year amounted to 5,736.
But attacks on Windows/IIS systems have already dropped by 20 per cent on
last year's figures, from 11,828 to 9,404.
According to mi2g, the big picture shows that hack attacks in general
are on the rise, up 27 per cent on last year, from 16,007 to 20,371.
The research found that Linux systems in the firing line typically deployed
open source third-party applications, certain versions of which contained
well known vulnerabilities which are not being patched fast enough and are
continuously exploited by hackers.
"The key issue in protecting critical infrastructure
is tight configuration management which demands a 24/7 monitoring of vulnerability
announcements and associated exploits," said DK Matai, mi2g's
chairman and chief executive. "A quick response
in addressing all weaknesses as soon as they are known has now become critical."
But as fears deepen over the threat of cyber terrorism, government bodies
and agencies seem to be getting the message and battening down the hatches
on their networks. This is demonstrated by sharp falls in the number of online
government systems succumbing to digital attacks.
Over the first half of this year, just 54 US government systems were successfully
attacked compared to the 204 that took place during the same period last year.
A total of 38 UK government systems were hit during the first six months
of last year, but only 12 have fallen victim so far this year.
One factor thought to be discouraging hackers from attacking US government
sites is the amendment of the Cyber Security Enhancement Act in February,
which now means life imprisonment for those who put lives at risk by electronic