Web, Mail, DNS, FTP and Proxy Servers Main Targets for Unauthorised Scanning
e-Cop.net's e-Security Index shows slight increase in security incidents since last quarter.
MALAYSIA, 29 AUGUST 2002 - e-Cop.net Surveillance Sdn Bhd, the premier provider of 24x7 Information Surveillance Services, recently announced that an analysis of the findings of its round-the-clock Global Command Centres (GCCs) has revealed only a slight increase in the overall volume of security incidents, as compared with the last quarter of 2002. However, the monitored results from its e-Security Index indicated that e-Cop.net customers are currently experiencing 2.5 times more incidents than August 2002.
Most of the probes made were attempts to uncover vulnerable Web (Apache, IIS), Mail, DNS (BIND), FTP (WuFTP) and Proxy servers, with the key objective of compromising them using ready-made scripts. From the online forensics conducted, it is believed that these attempts employed tools and scripts to exploit commonly known vulnerabilities as part of the scanning activity, which in turn increases the speed of the overall propagation, resulting in the surge of activity.
e-Cop.net's e-Security Index monitors changes in e-Security events on a monthly consolidated basis using statistics compiled from monitoring activities on clients' networks, undertaken by e-Cop.net's Global Command Centres (GCCs) in Singapore, Malaysia, Hong Kong and Japan. This initiative emphasises not only e-Cop.net's status as an industry expert, but also its standing as a leading authority offering clients local, regional and global perspectives in addressing info-security issues.
Surge in Malaysia-originated attacks
"Surprisingly, according to the data compiled, Malaysia was among the top 3 countries of origination of intrusion attacks," said Alan See, CEO of e-Cop.net Surveillance Sdn Bhd. "Using a monthly analysis, Malaysia-originated attacks accounted for 20 per cent of overall incidents in July, compared to only 5 per cent for the month of June. An in-depth analysis into the underlying factors leading to this jump is primarily due to an increase in web probe occurrences on corporate customers from Malaysia educational institutes and ISP subscribers," added See.
From the online forensics conducted, e-Cop.net found that the top 5 countries of origination of intrusion attacks were the US (31 per cent), North Asia (21 per cent), Malaysia (20 per cent), Singapore (16 per cent) and Australia (6 per cent).
e-Cop.net's study of the attacks has shown that the majority were Apache web server exploit attempts to execute arbitrary code, which could lead to a possible Denial of Service. In general, web CGI exploits and Microsoft vulnerabilities continue to be among the more frequent ways in which external malicious sources conduct their probes in their attempt to gain access to networks. In light of the increase in attacks, e-Cop.net recommends that it is crucial for all servers to be treated with up-to-date security patches.
Types of attacks
Techniques most commonly employed in attempted intrusions include the following:
- Sniffer Attacks - the method of capturing data traversing the Internet
- E-mail Attacks - gaining access into the system through vulnerabilities in network service software
- Network File System Attacks - gaining data access through vulnerabilities in operating system software
- Network Infrastructure Attacks - denial of service through attacks on routers and name servers (This is normally used to impersonate the server)
- IP Spoofing Attacks - gaining system access by tunnelling through firewalls
- WWW Threats - gaining users or system information through the web by CGI programmes
Internet and Network security, what's in store?
The upward trend of security incidents and threats as revealed by the e-Security Index, coupled with the lack of professional expertise and proven technology, has fuelled the growth of the Internet security sector within Malaysia's Information Technology industry.
"We have achieved significant success since our start-up a year ago, having registered an impressive growth since July 2001 via a holistic understanding of and approach to network security issues and the needs of the market. More importantly, we believe there is still ample room for growth," concluded See. The company is currently working towards obtaining the BS7799 security standard certification by end September.
e-Cop, the TRUSTED provider of critical info-security technologies and services, helps governments and enterprises worldwide manage their info-security threats and risks.
Leveraging on e-Cop's innovative technology and professional expertise, organizations can effectively manage the challenging tasks in info-security today, such as info-security management, infrastructure monitoring and real-time threat response. This is achieved through reliance on e-Cop's Global Command Centres (GCC) or e-Cop's deployment of cutting-edge technologies for independent Security Operations Centres.
e-Cop raises the bar for info-security management and practices with its pioneering research and development, robust technologies and award-winning solutions and security expertise. These are all centred on internationally recognised best practices for Information Security Management System (ISMS) - BS7799/ISO17799. e-Cop's international presence today covers 20 countries, with multiple Global Command Centres (GCC) located in Asia Pacific and Middle East. For more information, please visit www.e-Cop.net