Browser vulnerabilities and botnets top security threat list
January 14, 2008
Many Internet security experts are trying to predict the cyber attacks most likely to cause substantial damage and the most trouble in 2008. The list on this page, drawn together by twelve security experts under the auspices of the SANS Institute, is based on an analysis of emerging attack patterns.
Overall, two of the resulting predictions - malware on consumer devices and web application security exploits - have already come true in the early days of 2008, evidence that that the run down is closer to the mark than other security predictions.
Not surprisingly, browser exploit came out as the top threat in the run down. However, the risk is rapidly growing. Web site attacks have migrated from simple exploits to more sophisticated attacks based on scripts that cycle through multiple exploits to yet more sophisticated attacks featuring packaged modules.
One of these latest modules, mPack, produces a claimed 10-25 per cent success rate in infecting Internet surfers.
Attackers are actively placing exploit code on popular, trusted web sites where users have an expectation of security.
Placing better attack tools on trusted sites is giving attackers a huge advantage over the unwary public. Meanwhile, attackers have broadened the scope of the vulnerabilities they target to encompass components, such as Flash and QuickTime, that are not automatically patched when the browser is patched.
Evolution in existing threats - including stealthier botnet control techniques and more subtle social engineering approaches in phishing attacks, is a general theme that runs through the whole list.
Blended attacks may include an inbound email, apparently being sent by a credit card company, asks recipients to "re-authorise" their credit cards by calling a 1-800 number. The number leads them (via VoIP) to an automated system in a foreign country that, quite convincingly, asks that they key in their credit card number, CVV, and expiration date.
The security threat list will be formally launched at the SANS Security 2008 conference in New Orleans later today.
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing