|
Source: TechNewsWorld
Report Shows Server Hacks, Site
Defacement Growing
By
Jay Lyman
TechNewsWorld
04/26/05 1:26 PM PT
Among other
Zone-H findings: There were 186 special attacks on U.S. government servers, 49
special attacks on U.S. military servers, 3,918 special attacks on government
domains worldwide, and more than half a million mass defacements from 2000 to
2004.
Web server hacks
and Web site defacement are growing at a hefty pace, according to Zone-H, an
Internet security monitoring group that released
findings of a new study this week at the Infosecurity Europe 2005 event in
London.
Although it may often be seen as
digital graffiti committed by so-called "script kiddies" -- lower
level computer hackers who are motivated primarily by notoriety -- server
attacks and site defacements were up by 36 percent last year with an average of
2,500 out of 45 million Web servers successfully hacked every day, according to
Zone-H.
At the same time security experts
indicated the server hacks and site defacements can be a sign of deeper, more
dangerous data and IT vulnerability. Zone-H also said there is more mayhem on
the way with the additional Internet protocol (IP) addresses coming with Voice
over IP (VoIP)-enabled mobile phones.
"Once GSM telephone
platforms are replaced by VOIP/3G phones which work in the same way as Internet
servers, the number of Web servers will
increase to 1.5 billion," said a statement from Zone-H's Robert Preatoni.
"Each of these phones/terminals will be potentially subject to the same
vulnerabilities as traditional Web servers and personal computers, and by a
process of simple multiplication, there could be as many as 80,000 hacks a day
on these devices that will often hold the digital equivalent of someone's
life!"
Same Techniques as Serious
Crooks
Reporting that there were more
than 392,500 recorded Web server attacks, more than 70,000 single defacements
and 322,000 mass defacements in 2004, Zone-H warned the compromises and
defacements are indicative of more serious security issues.
"Defacement is just one
option for an attacker," Preatoni said. "In most circumstances, the
techniques used by defacers are the same techniques used by serious criminals
to cause more serious damage."
Among other Zone-H findings:
There were 186 special attacks on U.S. government servers, 49 special attacks on U.S. military
servers, 3,918 special attacks on government domains worldwide, and more than
half a million mass defacements from 2000 to 2004.
Defacement for Dummies
While defacements can be
indicative of more serious vulnerabilities, such attacks are typically
considered more of a simple nuisance by companies and IT organizations, iDefense director
of malicious code Ken Dunham told TechNewsWorld.
"In a typical defacement,
they deface it and move along and that's all there is to it," he said.
The security expert said Web
server hacks and defacements, which are increasingly performed with simple and
automated tools, can actually alert an organization to more serious
vulnerabilities they need to fix, however.
Dunham agreed that attacks are
likely to increase as VoIP-enabled handsets broaden the pool of vulnerable IP
addresses.
"The reason why is it's an
emerging technology; it's new," Dunham said.
Leading to Data Loss
Basex
CEO and chief analyst Jonathan Spira said although a simple defacement of its
site may not be too harmful for a company, the defacement tactics can lead to
data loss.
"It really depends on the
nature of the attack," Spira told TechNewsWorld. "Obviously, if it's
graffiti or vandalism, it probably won't hurt the company's image too much, but
it it's a moderate change and it hijacks a domain and captures customer
information, that has more ramifications."
Spira said organizations must
survey their Web site security frequently to avoid the often simple attacks
that lead to compromised servers and defacements.
"There's simply no excuse
for that type of lax security at this point," he said. 
| 
Apache HTTP
Server