January 19, 2006
Online Attacks Common for Business, FBI Says
WASHINGTON -- Nearly nine out of 10 U.S. businesses suffered from a computer virus, spyware or other online attack in 2004 or 2005 despite widespread use of security software, according to an FBI survey released on Thursday.
Those attacks inflicted average damages of $24,000 on businesses and other institutions even as antivirus software security tools have become standard, the survey found.
Though 98 percent of respondents said they used antivirus software, nearly 84 percent said they had suffered a virus attack in the 12-month period covered by the survey.
Three-quarters said they employed anti-spyware tools, but 80 percent said they had dealt with a spyware attack.
Other types of security problems, such as network sabotage or unauthorized pornography, were less common and less costly.
Some 44 percent of attacks came from within the organization, the survey found. Of those coming from outside, nearly a quarter could be traced to China.
The high number of China-based attacks is "an unusually troubling statistic, especially when considering the potential impact of industrial espionage and state sponsored cyber warfare efforts," the report said.
But the report's authors cautioned that online attackers often route traffic through several computers to cloak their identities. An attacker in Romania, for example, might direct malicious code through a poorly defended computer in China before sending it on to a U.S.-based business.
The survey likely did not catch the full scope of online attacks, said one expert who helped put the report together.
"It is likely that many of the organizations reporting an intrusion did not realize the duration, extent or severity of the intrusion, or detected only a portion of multiple separate intrusions during the reporting period," said Paul Williams, CEO of Grey Hat Research.
The survey drew on responses from 2,066 businesses and other insinuations in four states -- New York, Texas, Iowa and Nebraska.