Report: Cyberterrorism more threat than reality

Find opportunities — and win them.

Hacker targets appear to be better equipped to detect and fend off serious attacks, according to Riptech's "Internet Security Threat Report."

Hacking activity tracked by managed security services provider Riptech Inc. of Alexandria, Va., increased 28 percent in the last six months, but target enterprises appear to be better equipped to detect and fend off serious attacks, according to the second volume of the company's "Internet Security Threat Report," released July 8.


Despite the increase in overall activity, the number of companies experiencing a severe attack from January through June this year declined by half, compared to the previous six months. Government organizations monitored did not suffer any highly aggressive attacks in the past six months.

Although hacking remains a real threat, cyberterrorism has not emerged as a serious problem, said Riptech Chief Technology Officer Tim Belcher.


"I have never seen signs of expert cyberterrorism anywhere," Belcher said.


He defined "expert" as a level of skill on par with professional security teams that do penetration testing. But he warned that hacking tools and resources are readily available, and this could quickly change.


The report is based on an analysis of 180,000 confirmed attacks culled from 11 billion firewall and intrusion-detection system data points from 400 Riptech customers. Few of the customers ? less than 2 percent ? are government agencies, and most of those are state and local rather than federal.



Among the findings:

*Nearly two-thirds of confirmed attacks were launched from systems using Microsoft Windows.


*The United States is the leading source of attacks, accounting for 40 percent.


*The power and energy, financial service and high-tech sectors were the most frequent targets.


Attacks from countries on a cyberterrorism watch list, including seven countries designated by the State Department as sponsors of terrorism, accounted for less than 1 percent of the attacks monitored.

But scanning from those countries tended to focus on different types of services and different types of companies from the average, suggesting differences in motives, the report said. Belcher said those differences could be a reflection of the small numbers from those countries, where Internet connectivity is low.


"I don't think what we're seeing today is extremely threatening," he said.


One disturbing detail that turned up was a small percentage ? about 2 percent ? of Code Red worm scans apparently originated from Unix systems. Because Unix systems are not susceptible to Code Red infection, these could be the work of someone hiding behind the worm, Belcher said.


"We've checked and double-checked and triple-checked," Belcher said. "We feel this is a smoke screen."


For what it's worth, hackers seem to be average working Joes. Over the past six months, the rate of hacker activity on weekdays was 19 percent higher than on weekends.


Volume 2 of the "Internet Security Threat Report" is posted on Riptech's Web site at www.riptech.com.