By Marcia Savage ,
Federal officials are advising e-commerce sites to tighten security because of a recent increase in cyberattacks.
The FBI's National Infrastructure Protection Center (NIPC) on Friday said it recently has seen an increase in hacker activity targeting U.S. systems associated with e-commerce and other websites. Most of the attacks have been on Windows NT systems, but Unix systems also have been hit.
Attackers are using three known system vulnerabilities to gain unauthorized access and download propriety information, according to the NIPC. Most of the attacks went on for several months before the victims became aware of them.
"The NIPC strongly recommends that all computer network systems administrators check relevant systems and apply updated patches as necessary," the agency said in its advisory. "Specific emphasis should be placed on systems related to e-commerce or e-banking/financial business."
According to the NIPC, one vulnerability that attackers are exploiting allows them to use a Web browser to force a Windows NT server to return information from SQL databases or run system commands. Another vulnerability allows a writer of a malicious SQL query to take unauthorized actions on an SQL Server or MSDE database. A third exploit allows intruders to modify certain register keys to crash systems or to disable security measures.
The NIPC advisory comes on the heels of warnings from security professionals of a strong potential for cybercrime, including denial-of-service attacks, during the online holiday shopping season. The high visibility of e-commerce sites at this time of year presents hackers with a prime opportunity to gain attention by disrupting business, they said.
The holiday season has already brought a rash of new e-mail viruses, including Navidad and Shockwave. Navidad ranked second in a list of the top 10 most frequently occurring viruses last month compiled by antivirus vendor Sophos.
Other seasonal viruses have started to crop up as Christmas approaches, according to Sophos. W32/Music masquerades as a Christmas tune program and features an auto update feature, allowing it to change its functionality by connecting to the author's website, Sophos said.
The holidays bring an influx of personal e-mails, which puts companies at greater risk for security breaches, according to Content Technologies, Bellevue, Wash. The vendor advises IT managers to keep their e-mail networks secure.
"Intruders and malicious attackers tend to target companies more during the holiday season than any other time because they know this is a down time," Content Technologies said in a release issued Monday. "During this vacation and downtime season, companies need to make sure they remain staffed and on full alert."
Try TechWeb's RSS Feed!Broadcom seeking Sr Staff Business Analyst in San Jose, CA
CAST Software, Inc. seeking Sr Post Sales Engineer in New York, NY
Tower Hill insurance Group, Inc. seeking Programmer in Gainesville, FL
ISES, Inc. seeking C # Engineer in Bridgewater, NJ
Dell, Inc. seeking Counsel, Distribution Law, Channel Sales Division in Austin, TX
For more great jobs, career-related news, features and services, please visit our Career Center.
TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.
Get definitions for more than 20,000 IT terms.
Editorial and vendor perspectives
