Linux Most Attacked Server?

Anonymous guy who can't remember his login sent in a story from the Globe And Mail that says "During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers."

Article Text

[epsalon]

Linux is favourite hacker target: Study

By JACK KAPICA
Globe and Mail Update

Linux, not Microsoft Windows, remains the most-attacked operating system, a British security company reports.

During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers, according to the report.

Just 360 -- less than 2 per cent -- of BSD Unix servers were successfully breached in August.

The data comes from the London-based mi2g Intelligence Unit, which has been collecting data on overt digital attacks since 1995 and verifying them. Its database has tracked more than 280,000 overt digital attacks and 7,900 hacker groups.

Linux remained the most attacked operating system on-line during the past year, with 51 per cent of all successful overt digital attacks.

Microsoft Windows servers belonging to governments, however, were the most attacked (51.4 per cent) followed by Linux (14.3 per cent) in August.

The economic damage from the attacks, in lost productivity and recovery costs, fell below average in August, to $707-million (U.S.).

The overall economic damage in August from overt and covert attacks as well as viruses and worms stood at an all-time high of $28.2-billion.

The Sobig and MSBlast malware that afflict Microsoft platforms contributed significantly to the record estimate.

"The proliferation of Linux within the on-line server community coupled with inadequate knowledge of how to keep that environment secure when running vulnerable third-party applications is contributing to a consistently higher proportion of compromised Linux servers," mi29 chairman D.K. Matai said.

"Microsoft deserves credit for having reduced the proportion of successful on-line hacker attacks perpetrated against Windows servers."

Not to make light of their study

[greechneb]

But how many of these were attacks successful on machines without the correct patches? How many were because of scripting problems on webpages? How many were configured incorrectly? Behind poor firewalls? This doesn't break down what kind of attacks they were. You can't make generalizations without complete information.

Right but what proportion...

[Ex+Machina]

of all Linux ecommerce servers were compromised versus their Windows counterparts?

Re:that accounts for only 90.2 percent??

[akedia]

Uh, ever heard of Solaris? FreeBSD? Companies still run web servers on these operating systems, because Solaris and FreeBSD whip the llama's ass in stability over Linux.

Also, there are some companies that will mess with HTTP headers to return different strings or no string at all, and in the case of Netcraft these don't get counted towards the final numbers. Apache is easily configured to return whatever server string you desire.

Re:successful attacks were linux = 51% or 67% ?

[agallagh42]

The key word in the second sentence is "overt". I think they separated the stats for overt and covert attacks, for some reason.

Still, very confusingly written article, some kind of chart would make it much clearer.