Government cyberattack profiles vary from global average
- By William Jackson
- Jun 09, 2004
Hackers seem to be attracted to government Web servers and file sharing applications, a managed security services provider says.
Eight of the top 10 attacks directed against government systems were associated with Web servers or applications, according to a study of cyberattack trends in the last half of 2003 by Symantec Corp. of Cupertino, Calif.
'This differs from global Internet attack activity during this period,' analysts said.
Another difference was the popularity of attacks against ports associated with peer-to-peer file sharing networks, such as Gnutella and eDonkey. This could be an indication that lots of federal workers are using these applications, which could provide entry points for attacks or malicious code.
The figures were extracted from Symantec's latest semiannual Internet Security Threat Report, which tracks trends observed by the company's Threat Management System and Managed Security Services sensors deployed on customers' networks.
The top 10 attacks recorded by Symantec against government customers accounted for 76 percent of the total volume, with the top three attacks accounting for 47 percent. All told, attacks against Web servers and applications accounted for slightly more than 71 percent of government attacks.
By far the largest number of attacks against government systems was traced to systems within the United States, which jibes with overall attack statistics. One major difference in this profile was that Germany was the second most active source of government attacks, with nearly four times as many attacks as China, in third place. In the global rankings China ranked second and Germany sixth.
Symantec analysts cautioned against reading too much into statistics on source countries because compromised systems can be used by attackers from anywhere in the world.
One piece of good news in the study is that although W32.Blaster and SQL Slammer featured prominently in global attack activity last year, 'attacks associated with these two worms were absent from the list of top 10 attacks detected by government sensors.'
Apparently, government systems have done a good job of deploying security devices and configuring systems to stop these worms.
William Jackson is a Maryland-based freelance writer.