Linux and open source attacks soar

Attacks on Linux and open source systems are set to more than double this year and may even eclipse the number of hostile attempts made on Windows systems in the future.

The latest figures compiled by the intelligence unit at analyst mi2g have shown a significant rise in the number of attacks on Linux-based open source third-party web applications.

In the first six months of this year 7,630 overt attacks have taken place on Linux boxes. The total number of attacks last year amounted to 5,736.

But attacks on Windows/IIS systems have already dropped by 20 per cent on last year's figures, from 11,828 to 9,404.

According to mi2g, the big picture shows that hack attacks in general are on the rise, up 27 per cent on last year, from 16,007 to 20,371.

The research found that Linux systems in the firing line typically deployed open source third-party applications, certain versions of which contained well known vulnerabilities which are not being patched fast enough and are continuously exploited by hackers.

"The key issue in protecting critical infrastructure is tight configuration management which demands a 24/7 monitoring of vulnerability announcements and associated exploits," said DK Matai, mi2g's chairman and chief executive.

"A quick response in addressing all weaknesses as soon as they are known has now become critical."

But as fears deepen over the threat of cyber terrorism, government bodies and agencies seem to be getting the message and battening down the hatches on their networks.

This is demonstrated by sharp falls in the number of online government systems succumbing to digital attacks.

Over the first half of this year, just 54 US government systems were successfully attacked compared to the 204 that took place during the same period last year.

A total of 38 UK government systems were hit during the first six months of last year, but only 12 have fallen victim so far this year.

One factor thought to be discouraging hackers from attacking US government sites is the amendment of the Cyber Security Enhancement Act in February, which now means life imprisonment for those who put lives at risk by electronic means.