Web server attacks and website defacements increase by 36%

CyberCrime report to be released at Infosecurity Europe www.infosec.co.uk by Zone-H



Web server attacks and website defacements are up by 36% on last year with almost 400,000 attacks globally in 2004, according to a survey released today by Infosecurity Europe and zone-h the independent server-side cybercrime observatory. The report found that currently 2500 web servers are successfully hacked each day out of a total population of 45 million servers. This could increase to 80,000 hacks every day once VoiP/3G phones become commonplace! The full results of the Survey will be launched at Infosecurity Europe in London, on April 26th 2005. www.infosec.co.uk

Zone-Hís report is the most comprehensive survey on server side attacks and trends and gives a glimpse of what the future has in store. Roberto Preatoni said Once GSM telephone platforms are replaced by VoiP / 3G phones which work in the same way as Internet servers (they each might have their own IP address) the number of web servers will increase to 1.5 billion. Each of these phones/terminals will be potentially subject to the same vulnerabilities as traditional web servers and personal computers and by a process of simple multiplication there could be as many as 80,000 hacks a day on these devices that will often hold the digital equivalent of someoneís life! The same hacks could even turn the phones/terminals into remote-controlled snooping devices leading to a complete loss of privacy and opening the way to massive industrial espionage incidents

The report contains aggregated information related to the Zone-H web server intrusion database and is probably the only unbiased and reliable source of information related to server side cyber intrusions. The report was created from the largest known database of its kind.

Findings include:
- 392,545 recorded web server attacks for the year 2004 (36% increase from the previous year)

- 70,357 single defacements for the year 2004 totalling

- 322,188 Mass defacements for the year 2004

- 186 special attacks on US governmental servers

- 3918 special attacks on worldwide compromised governmental domains

- 49 special attacks on US military servers

- 588,815 mass defacements over the years 2000 - 2004 (graph available by months)

- 194,905 single IP attacks over the years 2000 - 2004 (graph available by months)

Other types of attacks covered in the report include:
- OS families, single IP for the years 2000 - 2004 (graph available by months)

- OS families mass defacements for the years 2000 - 2004 (graph available by months)

- Web server families single IP and mass for years 2003 - 2004 (graph available by months)

- Attackerís motivations for years 2002 - 2004

- Attack technical details for years 2002 - 2004

Preatoni continued, Defacement is just one option for an attacker; in most circumstances the techniques used by defacers are the same techniques used by serious criminals to cause more serious damage. The collection of this information on cybercrime provides data for the evolution of trends and definition of techniques. The disclosure of the techniques, allows system administrators the opportunity to test their own servers and close the security holes that are used. The information provides Zone-H a crystal-clear view of what is happening on the Net and provides the íInternet thermometerí.

About the report

Zone-h maintains the largest archive of information about attacks against Internet web servers. The database contains information related to nearly one million server intrusions over a span of several years. Every day the zone-h volunteers receive an average of 2,500 notifications related to web server intrusions. Each instance is then verified and catalogued. Zone-h catalogues several useful pieces of information for each intrusion which includes the timestamp of the attack, software version of the web server, the operating system, motivation of the attacker, and technical details of the intrusion methodology.

A copy of the full report will be available from the zone-h stand G914, at Infosecurity London 26-28 April, 2005.