Business 'ignorant of DoS attack threat'

More than half of companies' computer systems are at risk of Email attacks, yet few realise it, according to research.

Denial of Service (DoS) attacks attempt to overload or crash a server by bombarding it with packets of data, usually through repeated web requests or Emails.

This type of computer crime has gained notoriety after a number of high profile attacks on betting Websites, where criminal gangs, thought to operate out of Russia, attempted to extort money from bookmakers in return for stopping the attacks, which usually occur just before a major sporting event to cause maximum loss of revenue.

But research shown to Times Online indicates that it is not just bookmakers that are subject to the threat.

More than half of all organisations still filter their spam and viruses in-house at the desktop or network gateway level, rather than at the Internet level, according to the research.

Filters at the lower level allow all Email, including spam and virus-infected Emails, to reach employee inboxes, potentially exposing them to the risk of DoS attacks.

But an Internet-level filter can stop spam and viruses reaching the network, lessening the risk of attack by eliminating the bandwidth used by downloading spam.

The research, which was commissioned by intY, also found that 71 per cent of IT managers mistakenly believe their organisations are not vulnerable to DoS attacks.

Mark Herbert, founder of intY, says it is worrying that so many organisations do not realise they are vulnerable to attacks that could potentially bring their businesses to a standstill.

"Most people think of online gambling Websites when they think of DoS attacks; however, all businesses need to realise that they could easily be attacked through Email.

"Even the Greater Manchester Police has fallen victim to an Email DoS attack. Earlier this year its chief constable was bombarded with 2,000 Emails an hour by cyber criminals in an attempt to crash the force's computer systems."

The research also revealed that 92 per cent of IT managers believe that Internet Service Providers (ISPs) are not doing enough to reduce the amount of spam and viruses reaching their customers' inboxes and networks.

Most ISPs only offer a basic level of anti-spam and anti-virus protection.

The increasing awareness of DoS attacks has led to calls for tougher legislation. At present, prosecutions for e-crimes come under the Computer Misuse Act 1990. But critics argue that although this legislation was foresighted at the time of its creation, it is now 15 years old and has failed to keep up with the rapidly changing world of computer crime.

"Computers have moved on tremendously since 1990 but the law has not," Simon Janes, international operations director at Ibas, the computer forensics company that ran the survey, told Times Online.

"At present the maximum sentence for hackers is just six months and there is nothing in the Act that allows the police to handle and prevent denial of service attacks. There needs to be greater penalties to reflect the seriousness of hacking and the Police need the power of arrest and search without warrant."

But 93 per cent of the IT managers questioned in the research do not believe that security legislation will help solve the problem or be an efficient deterrent to cyber criminals.

Mr Herbert says this indicates that it is vital for businesses to put the right measures in place to protect themselves against the consequences of spam attacks, viruses or any other form of malware.

"By offering filtering at higher levels to prevent spam or Email viruses reaching the user's inbox, ISPs will protect their customers from experiencing the damage caused by an Email Denial of Service attack," Mr Herbert says.
