The number of Internet attacks reported by companies looks likely to double in 2001, a government-funded security response group reported Monday.
The Computer Emergency Response Team (CERT) Coordination Center, the group that administers the myriad CERTs around the United States, counted nearly 35,000 attacks and probes in the first nine months of this year.
While the increase in such incidents may indicate more intruders attacking, much of the increase is due to the growth of the Internet, said Larry Rogers, a senior member of the technical staff at the CERT Coordination Center.
"There are more targets and more information that can be gathered out there," he said. "Also, more people are aware of security issues." Those who take security to heart, he said, tend to be more likely to report probes and attacks.
At the current rate, the CERT Coordination Center's tally should top 46,000 by the end of the year, doubling the nearly 22,000 incidents counted last year. Each "incident" corresponds to a report filed by a company or organization struck by an intruder, worm, virus or other Internet attack.
While the Internet has seen a massive rise in the number of attacks due mainly to the successes of several worms, those epidemics have little to do with the increase in incidents, said CERT's Rogers. The CERT Coordination Center's policy is to count each worm or virus only once, no matter how widespread the attacks become.
This summer, the SirCam, Code Red and Nimda worms have propagated widely and caused headaches for system administrators and people online at home.
Instead, the large number of automated scans for vulnerabilities and Web defacements contributes more to the rapid increase.
When the CERT Coordination Center started counting incidents in 1988, the year that Robert T. Morris released his Internet Worm, only a handful of attacks made it on the list.
In 1989, that number hit 132 and approximately doubled for the next five years. Between 1994 and 1998, however, the number of incidents leveled off around 2,500. By 1999, the number of reported attacks and probes hit almost 10,000 and more than doubled the next year.
CERT considers an incident to be any group of activities in which the same tool or exploit is used by an intruder. An incident can affect anything from a single computer to numerous host computers at hundreds of thousands of locations.
Rogers surmised that attacks hit a plateau because the Internet still wasn't as widely used as it is today.
"The Internet hadn't quite caught back then as it has now," he said.
The growth in the Web and availability of inexpensive computers have led to more insecure computers and more curious hackers probing the Internet, Rogers said.
"The Web is entrenched in our daily lives, and that speaks to why these numbers are doubling," he said.