Slight Increase in Security Incidents
Web, mail, DNS, FTP and proxy servers main targets for unauthorised scanning
4th September 2002 (NISER)
By E-Cop.net


e-Cop.net Surveillance Sdn Bhd recently announced that an analysis of the findings of its round-the-clock Global Command Centres (GCC) has revealed only a slight increase in the overall volume of security incidents, as compared with the last quarter of 2002.

However, the monitored results from its e-Security Index indicated that e-Cop.net customers are currently experiencing 2.5 times more incidents than in August 2002.

Most of the probes were attempts to uncover vulnerable Web (Apache, IIS), Mail, DNS (BIND), FTP (WuFTP) and Proxy servers, with the key objective of compromising them using ready-made scripts. From the online forensics conducted, it is believed that these attempts employed tools and scripts to exploit commonly known vulnerabilities as part of the scanning activity, which in turn increases the speed of overall propagation and results in the surge of activity.

e-Cop.net's e-Security Index monitors changes in e-Security events on a monthly consolidated basis, using statistics compiled from monitoring activities on clients' networks undertaken by e-Cop.net's Global Command Centres (GCCs) in Singapore, Malaysia, Hong Kong and Japan. This initiative emphasises e-Cop.net's status not only as an industry expert, but also as a leading authority offering clients local, regional and global perspectives in addressing e-security issues.

Surge in Malaysia-originated attacks

"Surprisingly, according to the data compiled, Malaysia was among the top 3 countries of origination of intrusion attacks," said Alan See, CEO of e-Cop.net Surveillance Sdn Bhd. "Using a monthly analysis, Malaysia-originated attacks accounted for 20 per cent of overall incidents in July, compared to only 5 per cent for the month of June. An in-depth analysis into the underlying factors leading to this jump is primarily due to an increase in web probe occurrences on corporate customers from Malaysia educational institutes and ISP subscribers," added See.

From the online forensics conducted, e-Cop.net found that the top 5 countries of origination of intrusion attacks were the US (31 per cent), North Asia (21 per cent), Malaysia (20 per cent), Singapore (16 per cent) and Australia (6 per cent).

e-Cop.net's study of the attacks has shown that the majority were Apache web server exploit attempts to execute arbitrary code, which could lead to a possible Denial of Service. In general, web CGI exploits and Microsoft vulnerabilities continue to be among the more frequent ways in which external malicious sources conduct their probes in their attempt to gain access to networks. In light of the increase in attacks, e-Cop.net recommends, as a crucial measure, that all servers be treated with up-to-date security patches.

Types of attacks

Techniques most commonly employed in attempted intrusions include the following:

  • Sniffer Attacks: the method of capturing data as it traverses the Internet
  • E-mail Attacks: gaining access into the system through vulnerabilities in network service software
  • Network File System Attacks: gaining data access through vulnerabilities in operating system software
  • Network Infrastructure Attacks: denial of service through attacks on routers and name servers (this is normally used to impersonate the server)
  • IP Spoofing Attacks: gaining system access by tunnelling through firewalls
  • WWW Threats: gaining users or system information through the web of CGI programmes

Internet and Network security: what's in store?

The upward trend of security incidents and threats as revealed by the e-security index, coupled with the lack of professional expertise and proven technology, has fuelled the growth of the Internet security sector within Malaysia's Information Technology industry.

"We have achieved significant success since our start-up a year ago, having registered an impressive growth since July 2001 via a holistic understanding of and approach to network security issues and the needs of the market. More importantly, we believe there is still ample room for growth," concluded See. The company is currently working towards obtaining the BS7799 security standard certification by end September.

E-Cop.net stands for Network for Electronic Crimes and Online Protection.