Linux hack attacks on the rise

Hackers are increasingly focusing their efforts on the open-source operating system, as attacks on Windows and government sites fall off sharply

Hackers are increasingly targeting Web servers based on the Linux operating system, while the number of successful attacks on Windows systems decreases, according to a new report from UK system integrator Mi2g. The study also found that successful attacks on UK and US government sites have decreased, which may be due to tougher laws and improved security.

In the past, hackers and virus writers have largely focused their efforts on the Windows platform, as its dominance on desktop PCs makes it a ready target. However, Linux has a large share of the Web server market, and Linux server applications are often vulnerable to attack because of mismanagement, according to the study.

Mi2g has evidence of 7,630 successful attacks on Linux systems in the first six months of this year, sharply up from last year's 5,736 attacks. In the meantime, successful attacks on Windows systems running Microsoft's Internet Information Server have fallen by 20 percent from 11,828 in the first half of 2001 to 9,404 in the first half of this year.

The total number of successful attacks for the first six months of the year rose by 27 percent, from 16,007 last year to 20,371 in 2002.

The information is based on Mi2g's own research, which includes information on more than 6,000 hacker groups and records of more than 60,000 hacking events since 1995. The database includes the Computer Security Issues and Trends Survey from the Computer Security Institute (CSI) and the FBI.

The firm urged Linux system administrators to be more vigilant about patching known security bugs. "A quick response in addressing all weaknesses as soon as they are known has now become critical," said DK Matai, Mi2g's chairman and chief executive, in a statement.

Mi2g said that successful attacks on US government systems were down sharply, from 204 in the first half of last year to 54 in the first half of 2002. In the UK, government sites were hit 12 times in the first half of this year, compared with 38 times for the first six months of 2001.

The security firm pinned this drop partly on improved security in the wake of last September's terrorist attacks, and partly on an amendment to the Cyber Security Enhancement Act passed in February 2002. The amendment gives a life imprisonment sentence to hackers who put lives at risk.

Mi2g is a system integrator focussed on security. The firm is based in London and mostly deals with companies in the banking and insurance sectors.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.