September 2002 has seen 9,011 overt digital attacks so far, shattering all previous monthly
records. The record was previously held by August 2002 (5,830) and by July 2002 (4,094) before
that. Monthly records have now been broken for three consecutive months. September's record
this year stands in sharp contrast to September 2001, when 9/11 precipitated a dramatic plunge
in the number of overt digital attacks to just 816 from 2,820 in August and 3,499 in July 2001
according to the mi2g SIPS database.
There has been rising antagonism across the digital world against the US in response to its
policy on Iraq and support for Israel. US Government online computers belonging to the House
of Representatives, Department of Agriculture, Department of Education, National Park Service,
Goddard & Marshall Space Flight Centers, State Library and US Geological Survey were attacked in
September. All of the online victims were running Microsoft Windows. The number of overt
digital attacks against US Government targets more than doubled in September in comparison to
August.
The worldwide hacker groups responsible for anti-US, anti-Israel and anti-India digital attacks
in September include S4t4n1c S0uls, USG, WFD, EgyptianHackers, Arab VieruZ, MHA, The Bugz and
FBH.
US registered domains have been successfully attacked 4,157 times so far this month followed
by Brazil (835), UK (376), Germany (356) and India (285). North America was subjected to more
overt attacks so far in September than any other region (49%) whereas Europe was the victim of
23% of all attacks. In comparison, North America suffered 38% of all attacks in August while
Europe was the victim of 39%.
Attacks on Microsoft Windows systems (5,854) in September 2002 have dwarfed attacks on all
other operating systems combined including Linux (1,740), BSD (933) and Solaris (229).
Increasing number of vulnerabilities are being found in generic operating systems, server
software, applications and libraries deployed on mission critical systems. It is no longer
possible to patch vulnerabilities, which are now being discovered in ever greater numbers,
without suffering severe down times. The non-stop configuration management demanded by vendors
has become damaging in terms of business interruption and co-ordination.
"Applying patches was traditionally relegated to the weekend when reboots could take place but
it has now become a 24/7 configuration management issue. If there were just a few large
computers to patch that would be fine. When there are tens of thousands of machines across an
organisation including servers and desktops it is difficult to manage reboot-patch-reboot
regimes on a near daily basis. Invariably some mission critical machines don't get patched in
time despite the best will to do so. Those are perfect doorways for hackers and they are being
exploited ruthlessly," said DK Matai, Chairman and CEO of mi2g.
Editor's Notes:
There were a total of 1,093 overt digital attacks on 8th September alone, the second highest
number on record, only marginally lower than the all-time-high one day figure for 18th August.
The cumulative for the first nine months of 2002 as of 25th September is 40,116, a number
significantly higher than the figure for the whole of 2001. A conservative projection for
overt digital attacks across the globe for 2002 would be over 55,000. Total figures are 31,322
for 2001; 7,821 for 2000; 4,197 for 1999 and 269 for 1998.