Riptech, Inc. last week came out with the results of a study that points to some fairly frightening trends, especially for companies in the high-tech, financial services, media/entertainment and power and energy industries.

RipTech provides security monitoring and remediation services, so it is in the company's interest that people are worried about security issues; fear makes for good business. But given that the company has intrusion detection software installed at customer sites, it is also in a good position to collect data about attempted intrusions. Which is exactly what the company did in order to come up with the Riptech Internet Security Threat Report.

For six months, Riptech collected data from more than 300 of its customers in 25 countries. From the more than 5.5 billion firewall log entries and IDS alerts it collected in that time, the company investigated 128,678 cyber attacks on behalf of its clients. The data in its report is based on those 128,678 attacks. The fact that it is based on actual attack data makes Riptech's report a different animal from others that are based on user surveys, such as annual Computer Security Institute/FBI study.

Among Riptech's findings:

  • The rate of attack activity per company increased by 79% during the data collection period, from July 2001 to December 2001.

  • High-tech, financial services, media/entertainment, and power and energy companies were hardest hit, each averaging more than 700 attacks per company during the six-month test period.

  • Power and energy companies topped all comers, suffering "severe" attacks at more than twice the mean rate of all companies in the sample set.

  • The Nimda and Code Red worms accounted for 63% of all attack activity detected by Riptech. The company did not include activity associated with these attacks in its overall analysis, however; instead, it discusses them separately.
  • Size Doesn't Matter

    There are many other interesting tidbits in the report, including some that are rather puzzling. Companies with more than 500 employees were attacked at least 50% more often than those with fewer than 500 employees. But after that threshold, size doesn't seem to matter much; the attack rate remains about the same for companies in the 500 to 999-employee category as it does for those with 1,000 to 4,999 and 5,000 or more employees.

    Another more frightening finding is that Riptech says it detected "several thousand" different types of attack. Of the top 10 types of attack, the top five targeted known vulnerabilities in Microsoft IIS, all exploited by Code Red and/or Nimda. (This was one category where Riptech included data relative to those attacks.)

    What the company finds to be of greater concern is the increase in attacks on public services like the Web or remote access services, including FTP and SSH, which is a secure alternative to Telent. SSH scans increased by 341% during the six-month test period. Riptech expects such services will continue to be prime targets because they may be accessible even where firewalls offer protection against more common vulnerabilities.

    For a copy of the full report, go to: http://www.riptech.com/securityresources/form9.html. You'll have to be willing to give Riptech your contact information, however.