CERT's statistics, issued Friday, indicated that the number of incidents rocketed from 21,756 reported in 2000 to 52,658 reported in 2001. For comparison's sake, CERT said there were 9,859 reports in 1999, 3,734 in 1998 and six in 1988. To be clear, an incident may involve one site or thousands and may take place over a long period of time.
"The increase [in incidents] we can basically attribute to an increased sensitivity and an increased awareness as to what constitutes an incident," said Chad Dougherty, Internet security analyst at CERT.
"It does appear that intruders are getting more sophisticated," Dougherty said. "In the Nimda worm, you saw a lot of techniques that other malicious code attacks had used. Intruders are starting to target pieces of software and technology that are most widely deployed."
And intruders who target widely deployed software and technology are finding cracks that allow them to worm their way into systems. CERT said there were 2,437 vulnerabilities reported in 2001, up from 1,090 in 2000 and 417 in 1999. Both Code Red and Nimda targeted Microsoft Corp.'s Internet Information Service (IIS) Web server software, which had a large share of the vulnerabilities reported in 2001.
Dougherty said that the increase in vulnerabilities reported also has to do with awareness; there are more people looking for them these days. But he also noted, "It really drives home the point that sites need to be aware of patches that are available from their vendors."
He added, "It reinforces what we've been saying all along: apply the patches and only enable services and technologies that sites need to run."
But that's just one aspect of decreasing risk. As the number of patches needed to keep a system secure continues to climb, Dougherty said it may be time to look for software with fewer vulnerabilities.
"One piece of the puzzle for reducing risk is to have software with fewer vulnerabilities out of the box -- software that is more secure by default," he said.