Cyber attacks on rise as hackers wise
up to beat security systems
Bill Goodwin reports
@ Computerweekly, © 1999 Reed Business Information Limited
Cyber attacks are increasing dramatically as hackers and virus writers learn
new techniques to evade computer security systems.
During the first half of 1999, 1,700 serious recorded cyber attacks cost
businesses worldwide more than $7bn (£4.43bn), although this is probably
just the tip of the iceberg, research by security consultancy mi2g
revealed in a report.
By the end of the year, cyber attacks are likely to have caused more than
$20bn worth of damage, with the number of serious reported incidents expected
to rise from just over 1,000 in 1998 to an estimated 3,000.
Between March and June this year, pro-Serbian hackers infiltrated government
and military sites, FTSE-100 companies, two UK Internet service providers,
universities and e-commerce start-up companies, the report said.
Hackers working from Russia, Latvia, Serbia and Bulgaria sent e-mails containing
embedded viruses capable of deleting files from hard disks, via hijacked mail
transfer systems, the group said. Some attacks targeted as many as 100,000
systems simultaneously. Further damage was caused by Mellissa, Chernobyl and
ExploreZip virus attacks.
Although most cyber attacks involve guessing passwords and exploiting security
holes in operating systems and programs, there are signs that hackers are
becoming increasingly sophisticated.
New tricks reported this year include forging Internet protocol addresses,
hijacking log-in sessions and exploiting the source routing options in operating
systems, mi2g's report said.
Cyber attacks are increasing at a rate of 45% a quarter. But many incidents
go unreported by organisations worried about bad publicity or simply unable
to detect breaches.
Too few senior board directors realise that cyberspace is such a dangerous
world, said mi2g managing director DK Matai.
"The recent share price decline in the stock
of those companies that have been attacked on the Internet or have suffered
IT system outages makes a compelling case for why board directors must take
notice of cyber security," he said.