SANS sees upsurge in zero-day Web-based attacks
It also warned of emerging security threats to VoIP
Computerworld - If major attack trends this year are any indication, security administrators looking to prioritize their tasks for 2007 would do well to focus on fighting highly targeted attacks and protecting their Web and Microsoft Office application environments.
A report released by the SANS Institute today showed a sharp increase in attacks on all three fronts this year, along with a surge in zero-day attacks and security threats associated with the use of voice over IP.
The trends were highlighted in SANS's annual update to its list of top 20 Internet security vulnerabilities, which reflects the consensus opinions of more than three dozen security researchers and agencies, including the U.S. CERT and the Department of Homeland Security.
The attack trends suggest a continued shift away from the "noisy," attention-grabbing virus and worm attacks of the past to more covert attacks via Trojans and other malware, Alan Paller, director of research at SANS, said this morning at a news conference where the list was announced.
"There has been a large downturn in the number of alerts we have been pushing out" related to traditional bugs, said Roger Cumming, director of the National Infrastructure Security Coordination Center in the U.K. At the same time, there has been a "marked increase" in the amount of Trojan horse attacks typically delivered via e-mail with malicious attachments, he said. Hackers increasingly are "moving towards developing exploit code with a specific purpose," he noted.
Often, those responsible for developing and delivering such malicious code are different from the "attack sponsors" behind the attacks, Cumming said. "The crime bosses do not themselves have the skills, so they canvass and pay large amounts of money to hackers" willing to develop malware, he explained.
Therefore, from an enterprise standpoint, it's important to focus on risk management practices that emphasize data protection, Cumming said.
Data from more than 10 million network scans also shows a surge in vulnerabilities being discovered in Microsoft Office applications and in attacks directed against them, said Amol Sarwate, manager of the vulnerability management lab at security vendor Qualys Inc.
The number of vulnerabilities discovered in Microsoft Office so far this year is triple the amount discovered in 2005, Sarwate said. Out of that number, which SANS did not release, about 45 involved serious and critical vulnerabilities -- and nine were zero-day flaws for which no patch was available, according to SANS. Most attacks against Office applications require users to open a malicious Word, Excel or PowerPoint document sent via e-mail.
But many attacks are being carried out through the Web, where users can be compromised simply by browsing malicious Web sites that exploit vulnerable client-side code, Sarwate said. "Hackers are now targeting common users" in such attacks, he said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts