Web Defacement Statistics:

From Security News Portal, 2 April 2003, http://www.securitynewsportal.com/cgi-bin/cgi-script/csNews/csNews.cgi?database=JanY.dbid=67

  • "75% of all web servers running MS IIS 5.0 are vulnerable to exploitation." 
  • "Microsoft issued a security alert on March 17 2003 regarding a buffer overflow vulnerability which allows attackers to execute arbitrary code on Windows 2000 machines. [A recent Netcraft survey] found 767,721 IPs running IIS 5.0 and offering WebDAV and 273,496 IPs running IIS 5.0 with the protocol turned off."

From Computer Economics, 2 January 2002, http://www.computereconomics.com/cei/press/pr92101.htm

It is estimated that the worldwide impact of malicious code was $13.2 billion in the year 2001 alone, with the largest contributors being SirCam at $1.15 billion, Code Red (all variants) at $2.62 billion, and NIMDA at $635 million.

From SANS, 3 October 2001, http://www.incidents.org/react/nimda.pdf

86,000+ Internet hosts are thought to have been compromised and used to propagate the NIMDA worm on September 18th; 37,318 (42.97%) of those hosts resided in the US.

From CAIDA, 25 July 2001, http://www.caida.org/analysis/security/code-red/

After significant analysis, the Cooperative Association for Internet Data Analysis (CAIDA) found that the "Code Red" worm affected more than 359,000 servers in less than 14 hours.  They also determined:

  • "At the peak of the infection frenzy, more than 2,000 new hosts were infected each minute."
  • "43% of all infected hosts were in the United States"
  • "11% originated in Korea"
  • "5% of [the infected hosts] were in China, and 4% in Taiwan"
  • A QuickTime animation of the geographic expansion of the worm was also made available.

From CERT, 20 July 2001, http://www.cert.org/advisories/CA-2001-19.html and http://www.cert.org/advisories/CA-2001-23.html

By exploiting a vulnerability in Microsoft's IIS web server product, the "Code Red" worm is thought to have compromised over 250,000 web sites in the course of a 9 hour period.

From Attrition, 11 May 2001, http://attrition.org/security/commentary/worm01.html

8,836 servers are thought to have fallen prey to the "sadmind/IIS Worm" between May 1st and May 8th, according to a list of IP addresses obtained by Attrition staff. The worm compromises Sun Solaris systems and then instructs those systems to deface 2000 Microsoft IIS systems using the IIS Unicode exploit. The defacement message used by the worm contains an inflammatory statement about the US Government, as well as a "calling card" in China.

From NineMSN, 11 May 2001, http://news.ninemsn.com.au/sci_tech/story_12892.asp

As reported by NineMSN, the Beijing-based Chinabyte recently stated that "by the end of May 9, more than 1,100 of our nation's websites were defaced to differing degrees, with 72 per cent of the websites belonging to the government or educational institutes."

From The Computer Security Institute, with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad, 12 March 2001, http://www.gocsi.com/prelea_000321.htm, out of 538 respondents (directly quoted):

  • 85% (primarily large corporations and government agencies) detected computer security breaches within the last twelve months
  • More respondents (70%) cited their Internet connection as a frequent point of attack than cited their internal systems as a frequent point of attack (31%).
  • The rise in those citing their Internet connections as a frequent point of attack rose from 59% in 2000 to 70% in 2001.
  • 97% have WWW sites.
  • 47% conduct electronic commerce on their sites.
  • 23% suffered unauthorized access or misuse within the last twelve months.
  • 27% said that they didn't know if there had been unauthorized access or misuse.
  • 21% of those acknowledging attacks reported from two to five incidents.
  • 58% reported ten or more incidents.
  • 90% of those attacked reported [web site] vandalism (only 64% in 2000).
  • 78% reported denial of service (only 60% in 2000).
  • 13% reported theft of transaction information (only 8% in 2000).
  • 8% reported financial fraud (only 3% in 2000).

From ZDNet, 24 January 2001, http://www.zdnet.com/zdnn/stories/news/0,4586,2677878,00.html

"Failing to responsibly patch computers led to 99 percent of the 5,823 Web site defacements last year, up 56 percent from the 3,746 Web sites defaced in 1999, according to security group Attrition.org."

From Attrition, 4 Jan 2001, http://www.attrition.org/mirror/attrition/os.html

In a period of a year and 4 months, between August 1999 and January 4th, 2001, 8071 separate web sites were broken into and subsequently defaced. The OS percentages for these defaced sites were as follows:

  • 56.57% (4566 servers) Ran Microsoft Windows NT
  • 12.59% (1016 servers) Ran Miscellaneous Versions of Linux
  • 8.25% (666 servers) Ran Sun Solaris
  • 7.76% (626 servers) Ran Red Hat Linux
  • 2.91% (235 servers) Ran BSDI
  • 2.78% (224 servers) Ran FreeBSD
  • 2.48% (200 servers) Ran SGI IRIX
  • 2.37% (191 servers) Ran Windows 2000
  • 1.41% (114 servers) Ran unknown or unreported operating systems
  • 0.48% (39 servers) Ran SCO Unix
  • 0.42% (34 servers) Ran Linux (ALZZA)
  • 0.31% (25 servers) Ran Linux (Cobalt)
  • 0.30% (24 servers) Ran Windows 95
  • 0.19% (15 servers) Ran Digital Unix
  • 0.15% (12 servers) Ran Generic Unix variants
  • 0.14% (11 servers) Ran Debian Linux
  • 0.14% (11 servers) Ran IBM AIX
  • 0.12% (10 servers) Ran Linux (SuSE)
  • 0.12% (10 servers) Ran Linux (Mandrake)
  • 0.10% (8 servers) Ran HP/UX
  • 0.09% (7 servers) Ran OpenBSD
  • 0.09% (7 servers) Ran MacOS
  • 0.06% (5 servers) Ran Compaq Tru64 Unix
  • 0.05% (4 servers) Ran Novell Netware
  • 0.05% (4 servers) Ran NetBSD
  • 0.04% (3 servers) Ran Linux (Slackware)
  • 0.02% (2 servers) Ran Digital OSF1
  • 0.01% (1 server) Ran MacOSX
  • 0.01% (1 server) Ran PowerBSD

From Attrition, 10 June 2000, http://www.attrition.org/mirror/attrition/os.html

Between August 1999 and June 10th, 2000, 6178 separate web sites were broken into and subsequently defaced. The OS percentages for these defaced sites were as follows:

  • 74.75% Ran Microsoft Windows NT
  • 5.05% Ran Sun Solaris
  • 4.04% Ran Red Hat Linux
  • 4.04% Ran other Linux variants
  • 3.03% Ran BSDI
  • 2.02% Ran FreeBSD
  • 1.01% Ran SGI IRIX
  • 6.06% Ran unknown or unreported Operating Systems

Of the machines defaced, the following were the domain name breakouts:

  • 42.41% Belonged to US corporations (.com)
  • 5.39% Belonged to US Based Internet Providers (.net)
  • 4.76% Belonged to US based universities (.edu)
  • 3.88% Belonged to the US Government (.gov)
  • 7.28% Belonged to US Non-Profit Organizations (.org)
  • 2.24% (139 separate machines) belonged to the US military (.mil)

Recent General Web Defacement Statistics:

From Wired News, 29 March 2000, http://www.wired.com/news/politics/0,1283,35264,00.html 

 A 19-year-old Houston cracker agreed to plead guilty to one count of conspiracy for teleconferencing fraud and computer cracking in one of the government's most notorious cybercrime cases, court documents show. GlobalHell, the hacker group that the teen belonged to, is said to have caused at least $1.5 million in damages to various U.S. corporations and government entities, including the White House and the U.S. Army.

From The Computer Security Institute, with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad, 22 March 2000, http://www.gocsi.com/prelea_000321.htm, out of 643 respondents:

  • 25% of respondents detected system penetration from the outside.
  • 27% of respondents detected denial of service attacks.
  • 79% detected employee abuse of Internet access privileges (for example, downloading pornography or pirated software, or inappropriate use of e-mail systems).
  • 85% detected computer viruses
  • 93% of respondents have WWW sites.
  • 43% conduct electronic commerce on their sites (in 1999 it was only 30%).
  • 19% suffered unauthorized access or misuse within the last twelve months.
  • 32% said that they didn't know if there had been unauthorized access or misuse.
  • 35% of those acknowledging an attack reported from two to five incidents.
  • 19% reported ten or more incidents.
  • 64% of those acknowledging an attack reported Web-site vandalism.
  • 60% reported denial of service.
  • 8% reported theft of transaction information.
  • 3% reported financial fraud.
  • 273 organizations that were able to quantify their losses reported a total of $265,589,940.

From PC World News, 28 May 1999, http://www.pcworld.com/pcwtoday/article/0,1510,11177,00.html

On May 27th, 1999, hackers attacked the FBI’s own web presence, forcing them to take the site down.

© Copyright Security Stats.Com, Inc 2000