Computer security experts have always recognized that one infected computer can put many other systems in danger, and the latest data from security firm SecureWorks underscores that fundamental axiom.
This week, the security firm offered a peek at the data it collected on attacks attempted against its clients. Topping the list, computers in the United States were responsible for more than 20.6 million attempted attacks, while China came in second place with 7.7 million attacks. Computer systems located in other countries placed distantly behind the two top nations, with Brazil accounting for 166,987 attempted attacks, South Korea for 162,289, Poland for 153,205, Japan for 142,346, and Russia for 130,572, the firm stated in a press release on the data.
"We believe these statistics are significant because it clearly shows that the United States and China have a lot of vulnerable computers that have been compromised and are being used as bots to launch cyber attacks," Hunter King, security researcher for SecureWorks, said in the statement. "This should be a warning to organizations and personal computer users that, not only are they putting their computers and networks at risk by not securing them, but they are actually providing these cyber criminals with a platform from which to compromise other computers."
Earlier this year, China's Computer Emergency Response Team (CN-CERT) found that bot-infected computers had grown 20-fold in 2007, estimating that, of 6.23 million bot-infected computers on the Internet, about 3.62 million were in China's address space. China and the U.S. have had words over attacks on government systems coming from China's address space. And last month, SecureWorks announced that it had found a botnet that had apparently been running for more than six years from a command and control server located in Russia.
SecureWorks warned network administrators that blocking ranges of IP addresses is not necessarily a solution to the problem.
"Many hackers hijack computers outside their borders to attack their victims," Don Jackson, director of threat intelligence for SecureWorks, said in a statement. "The Georgia/Russia cyber conflict was a perfect example of this. Many of the Georgian IT staff members thought that by blocking Russian IP addresses they would be able to protect their networks, however, many of the Russian attacks were actually launched from IP addresses in Turkey and the United States so consequently they were hit hard."
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos