FBI Computer Crime Survey Finds Widespread Attacks

Few organizations were exempt from cyber-attacks in 2005, a new survey says, with viruses and worms continuing to be the most common.

An FBI survey of more than 2,000 public and private organizations on the subject of cyber-crime found that almost 90 percent had experienced computer security incidents in 2005.

The 2005 FBI Computer Crime Survey is one of the largest by the agency on the topic of cyber-crime and found widespread evidence of criminal online behavior targeting organizations in the United States.

While organizations are becoming more vigilant about computer security risks, only 90 percent of organizations that experienced attacks reported them to law enforcement, according to an FBI statement.

Attacks by computer viruses and worms continued to be the most common kinds of attacks reported by the organizations surveyed by the FBI.

Viruses were detected by 83 percent of those responding to the survey; 79 percent of those responding said they had encountered spyware during the year, while 20 percent said their networks had been scanned or had data sabotaged.

Total losses for the companies surveyed were estimated at $32 million, with virus and worm attacks accounting for $12 million of that, according to the FBI.

The survey, which was released on Jan. 11, is different from the annual survey conducted by the FBI and CSI (Computer Security Institute), which came out in July. The CSI/FBI survey of 700 U.S. corporations, government agencies, and financial and medical institutions found that attacks on computer networks and losses from computer attacks were both down in 2005.

The new survey is designed to represent a broader spectrum of companies than those in the CSI survey, with more than 2,000 private and public organizations surveyed in four states, the FBI said.

/zimages/1/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

The latest survey presents a less optimistic picture. More than 64 percent of respondents incurred a financial loss in 2005 and 44 percent said they were attacked from within their own organization, the FBI said.

/zimages/1/28571.gifClick here to read about why government security experts are keeping an eye on the iPod and the Xbox.

The results of the latest survey rang true with Chad Lorenc, an information security officer with Ent Credit Union in Colorado Springs, Colo.

IT security staff at Ent were able to keep the credit unions network free of worm and virus infections, but have noticed an increase in phishing attacks in the last year, he said.

Only one phishing attack targeted Ents customers, with most looking for customers of common online providers like eBay Inc. However, the phishing attacks and the wider use of Trojan horse programs affect Ents customers more than they affect the bank itself, he said.

/zimages/1/28571.gifWhat lessons can cyber-crime fighters learn from the drug wars? Read an eWEEK editorial here.

Echoing the findings of the survey, Lorenc said Ent has ramped up internal security in the last two years to make it less susceptible to disruption from cyber-attacks.

"Weve gotten very proactive about patching in the last two years …We really stepped up patching and brought in a managed services company to help us do defense in depth," he said.

Ent uses firewalls and intrusion detection systems, monitors key servers and pays for a fraud monitoring service to spot suspicious activity affecting its customers accounts, he said.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.