Web server attacks and website defacements are up by 36 per cent on last year with almost 400,000 attacks globally in 2004, according to a survey released by Infosecurity Europe and zone-h, a server-side cybercrime observatory.
The report found that currently 2500 web servers are successfully hacked each day out of a total population of 45 million servers. This could increase to 80,000 hacks every day once VoiP/3G phones become commonplace, it is claimed.
The full results were launched at Infosecurity Europe in London, on April 26. Visit www.infosec.co.uk
Zone-H’s report on server side attacks and trends gives a glimpse of what the future has in store. Roberto Preatoni said: "Once GSM telephone platforms are replaced by VoiP / 3G phones which work in the same way as Internet servers (they each might have their own IP address) the number of web servers will increase to 1.5 billion. Each of these phones/terminals will be potentially subject to the same vulnerabilities as traditional web servers and personal computers and by a process of simple multiplication there could be as many as 80,000 hacks a day on these devices that will often hold the digital equivalent of someone’s life! The same hacks could even turn the phones/terminals into remote-controlled snooping devices leading to a complete loss of privacy and opening the way to massive industrial espionage incidents."
The report contains aggregated information related to the Zone-H web server intrusion database and is probably the only unbiased and reliable source of information related to server side cyber intrusions. The report was created from the largest known database of its kind.
Findings include:
– 392,545 recorded web server attacks for the year 2004 (36 per cent increase from the previous year)
– 70,357 single defacements for the year 2004 totalling
– 322,188 Mass defacements for the year 2004
– 186 special attacks on US governmental servers
– 3918 special attacks on worldwide compromised governmental domains
– 49 special attacks on US military servers
– 588,815 mass defacements over the years 2000 – 2004
– 194,905 single IP attacks over the years 2000 – 2004
Other types of attacks covered in the report include:
– OS families, single IP for the years 2000 – 2004
– OS families mass defacements for the years 2000 – 2004
– Web server families single IP and mass for years 2003 – 2004
– Attacker’s motivations for years 2002 – 2004
– Attack technical details for years 2002 – 2004
Preatoni added: "Defacement is just one option for an attacker; in most circumstances the techniques used by defacers are the same techniques used by serious criminals to cause more serious damage. The collection of this information on cybercrime provides data for the evolution of trends and definition of techniques. The disclosure of the techniques, allows system administrators the opportunity to test their own servers and close the security holes that are used. The information provides Zone-H a crystal-clear view of what is happening on the Net and provides the ‘Internet thermometer’."
About the report
Zone-h maintains an archive of information about attacks against Internet web servers. The database contains information related to nearly one million server intrusions over a span of several years. Every day the zone-h volunteers receive an average of 2,500 notifications related to web server intrusions. Each instance is then verified and catalogued. Zone-h catalogues several useful pieces of information for each intrusion which includes the timestamp of the attack, software version of the web server, the operating system, motivation of the attacker, and technical details of the intrusion methodology.
