Web Server Attacks & Website Defacements Increase By 36% According To New Independent Report On Cybercrime

Web server attacks and website defacements are up by 36% on last year with almost 400,000 attacks globally in 2004, according to a survey released today by Infosecurity Europe and zone-h the independent server-side cybercrime observatory. The report found that currently 2500 web servers are successfully hacked each day out of a total population of 45 million servers. This could increase to 80,000 hacks every day once VoiP/3G phones become commonplace! The full results of the Survey will be launched at Infosecurity Europe in London, on April 26th 2005.

Zone-H’s report is the most comprehensive survey on server side attacks and trends and gives a glimpse of what the future has in store. Roberto Preatoni said “Once GSM telephone platforms are replaced by VoiP / 3G phones which work in the same way as Internet servers (they each might have their own IP address) the number of web servers will increase to 1.5 billion. Each of these phones/terminals will be potentially subject to the same vulnerabilities as traditional web servers and personal computers and by a process of simple multiplication there could be as many as 80,000 hacks a day on these devices that will often hold the digital equivalent of someone’s life! The same hacks could even turn the phones/terminals into remote-controlled snooping devices leading to a complete loss of privacy and opening the way to massive industrial espionage incidents”

The report contains aggregated information related to the Zone-H web server intrusion database and is probably the only unbiased and reliable source of information related to server side cyber intrusions. The report was created from the largest known database of its kind.

Findings include:
– 392,545 recorded web server attacks for the year 2004 (36% increase from the previous year)
– 70,357 single defacements for the year 2004 totalling
– 322,188 Mass defacements for the year 2004
– 186 special attacks on US governmental servers
– 3918 special attacks on worldwide compromised governmental domains
– 49 special attacks on US military servers
– 588,815 mass defacements over the years 2000 – 2004 (graph available by months)
– 194,905 single IP attacks over the years 2000 – 2004 (graph available by months)
Other types of attacks covered in the report include:
– OS families, single IP for the years 2000 – 2004 (graph available by months)
– OS families mass defacements for the years 2000 – 2004 (graph available by months)
– Web server families single IP and mass for years 2003 – 2004 (graph available by months)
– Attacker’s motivations for years 2002 – 2004
– Attack technical details for years 2002 – 2004

Preatoni continued, “Defacement is just one option for an attacker; in most circumstances the techniques used by defacers are the same techniques used by serious criminals to cause more serious damage. The collection of this information on cybercrime provides data for the evolution of trends and definition of techniques. The disclosure of the techniques, allows system administrators the opportunity to test their own servers and close the security holes that are used. The information provides Zone-H a crystal-clear view of what is happening on the Net and provides the ‘Internet thermometer’.”

About the report

Zone-h maintains the largest archive of information about attacks against Internet web servers. The database contains information related to nearly one million server intrusions over a span of several years. Every day the zone-h volunteers receive an average of 2,500 notifications related to web server intrusions. Each instance is then verified and catalogued. Zone-h catalogues several useful pieces of information for each intrusion which includes the timestamp of the attack, software version of the web server, the operating system, motivation of the attacker, and technical details of the intrusion methodology. A copy of the full report will be available from the zone-h stand G914, at Infosecurity London 26-28 April, 2005. Data can be reproduced partially or totally with proper credit to zone-h.org. -title as provided: Independent observation of web server cybercrimes. Statistics provided by www.zone-h.org – as well as respecting the Creative Common License attached at the end of the document. Copyright 2002-2005 Zone-h. Disclaimer Zone-h neither condones, promotes, and/or participates in attacks that are recorded within our database. It is however in a unique position that such attacks are freely reported to our organization. ENDS About zone-h Uniquely positioned as the Internet most authentic source on web attacks and cybercrimes as an independent observatory, zone-h each day chronicles cyber attacks, network breaches and web site defacements as reported by both sides, attackers and defenders. With a no-hat approach, zone-h gives proper and punctual coverage on what’s going on the Net every single day of the year with news, advisories, opinions, statistics, and forums. The zone-h archive provides the most authoritative and complete server-side cybercrime database available today. The archive is made up at present of more than 900,000 digital attacks. Attack trends, motivations, and methodologies of intrusion are thoroughly analyzed; statistics is available to and free to circulate within the IT community, keeping true to zone-h not-for-profit status and open source attitude. More than 25,000 visitors every day, totalling half a million clicks on an average day, visit the zone-h project www.zone-h.org homepage. Zone-h in numbers: 4 languages: English, Italian, French, Russian 50 active website maintainers from: USA, Italy, Estonia, Russia, United Kingdom, Brazil, Iran, Pakistan, Korea, Japan, France, Greece, Latvia. Active partnerships in Holland, Estonia, Russia, Italy, Hong Kong, Korea, Japan, Malaysia, Singapore. 5228 mail subscribers 7500 early warning subscribers 950.000 digital attacks 25451 forum messages 3942 downloadable files (security repository) About Infosecurity Europe 2005 Infosecurity Europe, running for its 10th year in 2005, is Europe’s number one Information Security event. Featuring over 250 exhibitors, new products and services, an unrivalled education programme and visitors from every segment of the industry, it is the most important date in the calendar for Information Security professionals across Europe. Organised by Reed Exhibitions, the world’s largest tradeshow organiser, Infosecurity Europe is one of ten Infosecurity events around the world with events also running in the USA, Belgium, Netherlands, Scandinavia, Italy, Russia, Spain, France and Canada.

Don't miss