Tuesday, September 3, 2002

More cyber-attacks coming from Malaysia

KUALA LUMPUR: e-Cop.net Surveillance Sdn Bhd (www.e-cop.net) said that there has been a surge in cyber-attacks originating from Malaysia over the last quarter.
According to data compiled by its regional Global Command Centres (GCCs), which monitor and protect client networks from cyber-attacks, Malaysia was among the top three countries of origination of intrusion attacks.
“Using a monthly analysis, Malaysia-originated attacks accounted for 20% of overall incidents in July, compared to only 5% for the month of June,” said Alan See, CEO of e-Cop.net Surveillance Sdn Bhd.
“An in-depth analysis into the underlying factors (shows that) this jump is primarily due to an increase in web probe occurrences on corporate customers from Malaysian educational institutes and ISP subscribers,” he added.
Most of the probes were attempts to uncover vulnerable Web (Apache, Internet Information Server), mail, DNS (BIND), FTP (WuFTP) and proxy servers, the company said in a press statement.
The key objective seems to have been to compromise corporate networks using ready-made scripts.
Based on its online forensics, the company believes that these attempts used tools and scripts to exploit commonly known vulnerabilities as part of the scanning activity; this in turn increases the speed of the overall propagation, resulting in the surge of activity.
e-Cop.net’s e-Security index monitors changes in events on a monthly consolidated basis using statistics compiled from monitoring activities on clients’ networks, undertaken by its GCCs in Singapore, Malaysia, Hong Kong and Japan.
From the online forensics conducted, e-Cop.net found that the top five countries of origination of intrusion attacks were the United States (31%), North Asia (21%), Malaysia (20%), Singapore (16%) and Australia (6%).
e-Cop.net said that its study of the attacks has shown that the majority of them were Apache exploit attempts to execute arbitrary code, which could lead to Denial-of-Service (DoS) attacks.
In general, web CGI exploits and Microsoft vulnerabilities continue to be two of the more frequent ways in which external malicious sources conduct their probes in their attempt to gain access to networks, the company said in its statement.
In light of the increase in attacks, e-Cop.net said that it was crucial that all servers be kept up to date with security patches.
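The article describes web probes that sweep corporate servers for known CGI and Apache weaknesses, and an index that reports what share of activity such probes make up. The following script is an added example, not code from e-Cop.net or from the article: it reads Apache combined-format access log lines, flags sources whose request pattern looks like a scanner (several distinct 404s in a short window, or requests for CGI-style paths that do not exist), and reports the share of traffic coming from flagged sources. The log lines are constructed samples; the thresholds, the CGI path prefixes and the function names are assumptions chosen for illustration.

```python
"""Flag web-probe scanning in Apache combined-format access logs.

Added example for this article; not e-Cop.net's code. The sample log
lines are constructed, and the probe heuristics are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" format: ip ident user [timestamp] "request" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: CGI-style locations a scanner would probe for.
CGI_PREFIXES = ("/cgi-bin/", "/scripts/")

# Constructed sample: one source sweeping CGI paths, one ordinary visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2002:10:00:01 +0800] "GET /cgi-bin/test.cgi HTTP/1.0" 404 210
203.0.113.7 - - [12/Jul/2002:10:00:02 +0800] "GET /cgi-bin/counter.cgi HTTP/1.0" 404 210
203.0.113.7 - - [12/Jul/2002:10:00:02 +0800] "GET /scripts/ HTTP/1.0" 404 210
203.0.113.7 - - [12/Jul/2002:10:00:03 +0800] "GET /cgi-bin/search.cgi HTTP/1.0" 404 210
203.0.113.7 - - [12/Jul/2002:10:00:04 +0800] "HEAD / HTTP/1.0" 200 0
198.51.100.20 - - [12/Jul/2002:10:05:11 +0800] "GET /index.html HTTP/1.1" 200 5120
198.51.100.20 - - [12/Jul/2002:10:05:12 +0800] "GET /images/logo.gif HTTP/1.1" 200 2048
198.51.100.20 - - [12/Jul/2002:10:06:40 +0800] "GET /missing.html HTTP/1.1" 404 210
"""


def parse_line(line):
    """Parse one combined-format line; return a dict, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def analyse(log_text, window_seconds=60, distinct_404_threshold=3):
    """Aggregate requests per source IP and flag scanner-like sources.

    A source is flagged when it requests at least `distinct_404_threshold`
    distinct paths that return 404 inside any `window_seconds` span, or
    when at least two CGI-style paths it asked for do not exist. Both
    rules are assumptions for this example, not e-Cop.net's criteria.
    """
    per_ip = defaultdict(lambda: {"requests": 0, "cgi_404": 0, "misses": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the run
        entry = per_ip[rec["ip"]]
        entry["requests"] += 1
        if rec["status"] == 404:
            entry["misses"].append((rec["ts"], rec["path"]))
            if rec["path"].startswith(CGI_PREFIXES):
                entry["cgi_404"] += 1

    report = {}
    for ip, entry in per_ip.items():
        misses = sorted(entry["misses"])
        burst = 0
        # Sliding window: largest number of distinct 404 paths seen within
        # window_seconds of any single miss.
        for i, (t0, _) in enumerate(misses):
            seen = set()
            for t1, path in misses[i:]:
                if (t1 - t0).total_seconds() > window_seconds:
                    break
                seen.add(path)
            burst = max(burst, len(seen))
        report[ip] = {
            "requests": entry["requests"],
            "cgi_404": entry["cgi_404"],
            "distinct_404_burst": burst,
            "flagged": burst >= distinct_404_threshold or entry["cgi_404"] >= 2,
        }
    return report


def probe_share(report):
    """Percentage of all logged requests that came from flagged sources,
    the kind of ratio a monthly index such as the article's would track."""
    total = sum(r["requests"] for r in report.values())
    flagged = sum(r["requests"] for r in report.values() if r["flagged"])
    return round(100.0 * flagged / total, 1) if total else 0.0


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for ip, stats in sorted(result.items()):
        print(ip, stats)
    print("share of requests from flagged sources: %.1f%%" % probe_share(result))
```

Run on the constructed sample, the 203.0.113.7 source is flagged (four distinct 404s within two seconds, all under CGI-style paths) while the ordinary visitor with a single missing page is not. In practice the window and thresholds need tuning per site, and the 404-burst rule catches sweeps for any path, not only CGI ones, which is why the two rules are kept separate.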
Types of attacks
The techniques most commonly employed in attempted intrusions include the following:
Sniffer attacks: The method of capturing data as it traverses the Internet.
E-mail attacks: Gaining access into the system through vulnerabilities in network service software.
Network File System attacks: Gaining data access through vulnerabilities in operating system software.
Network Infrastructure attacks: Denial of service through attacks on routers and name servers (normally used to impersonate the server).
IP Spoofing attacks: Gaining system access by tunnelling through firewalls.
WWW threats: Gaining user or system information through web CGI programmes.