    See your link here |
Subscribe to Computerworld 
or Other Security Stories
|
|
|
|
November 15, 2006 (Computerworld) -- If major attack trends this year are any indication, security administrators looking to prioritize their tasks for 2007 would do well to focus on fighting highly targeted attacks and protecting their Web and Microsoft Office application environments.
A report released by the SANS Institute today showed a sharp increase in attacks on all three fronts this year, along with a surge in zero-day attacks and security threats associated with the use of voice over IP.
The trends were highlighted in SANS's annual update to its list of top 20 Internet security vulnerabilities, which reflects the consensus opinions of more than three dozen security researchers and agencies, including the U.S. CERT and the Department of Homeland Security.
The attack trends suggest a continued shift away from the "noisy," attention-grabbing virus and worm attacks of the past to more covert attacks via Trojans and other malware, Alan Paller, director of research at SANS, said this morning at a news conference where the list was announced.
"There has been a large downturn in the number of alerts we have been pushing out" related to traditional bugs, said Roger Cumming, director of the National Infrastructure Security Coordination Center in the U.K. At the same time, there has been a "marked increase" in the amount of Trojan horse attacks typically delivered via e-mail with malicious attachments, he said. Hackers increasingly are "moving towards developing exploit code with a specific purpose," he noted.
Often, those responsible for developing and delivering such malicious code are different from the "attack sponsors" behind the attacks, Cumming said. "The crime bosses do not themselves have the skills, so they canvass and pay large amounts of money to hackers" willing to develop malware, he explained.
Therefore, from an enterprise standpoint, it's important to focus on risk management practices that emphasize data protection, Cumming said.
Data from more than 10 million network scans also shows a surge in vulnerabilities being discovered in Microsoft Office applications and in attacks directed against them, said Amol Sarwate, manager of the vulnerability management lab at security vendor Qualys Inc.
The number of vulnerabilities discovered in Microsoft Office so far this year is triple the amount discovered in 2005, Sarwate said. Out of that number, which SANS did not release, about 45 involved serious and critical vulnerabilities -- and nine were zero-day flaws for which no patch was available, according to SANS. Most attacks against Office applications require users to open a malicious Word, Excel or PowerPoint document sent via e-mail.
But many attacks are being carried out through the Web, where users can be compromised simply by browsing malicious Web sites that exploit vulnerable client-side code, Sarwate said. "Hackers are now targeting common users" in such attacks, he said.
 |
Print this Story |  |
Send Us Feedback |  |
E-mail this Story |  |
Digg this Story |  |
Slashdot this Story |
|
| |
 |
|
All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone |
| See your link here |
 |
||||||||
|
||||||||
|
||||||||
|
||||||||
|
 The Security Zone With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical... Learn more in The Security Zone See All Zones |
 Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.New baits  |
|
|
 IT Blogwatch: Critical IE patch now available: go get it! Watching bloggers watch Microsoft's latest out-of-cycle, critical patch for Internet Explorer. ... [more] |
 |
 |
Webcast: The Automation of IT Compliance Programs: Reducing Risk, Cost and Complexity of Corporate Compliance
To meet the growing number of industry and federal regulations, businesses spend significant time, effort, and budget determining how to best meet continuously evolving IT compliance requirements this new Forrester Research and Juniper Networks Webcast led by industry experts who examine global IT security and compliance trends, common IT compliance issues and challenges, and best practices for successful IT compliance programs.View this webcast |
Whitepaper: Tackling the Top Five Network Access Control Challenges
The major challenge enterprises face today is how to create innovative business models and to increase productivity by opening the network to a dynamic workforce, while at the same time protecting critical assets from the vulnerabilities that openness and user mobility bring. In addition, to comply with industry and governmental regulations, enterprises must prove that they have stringent controls in place to restrict access to sensitive data. This paper describes the top five networking access control challenges that companies like yours are facing and solutions that they are deploying today.Download this white paper |
Whitepaper: Addressing PCI Compliance with a Comprehensive Network Access Control Solution
The Payment Card Industry (PCI) is one of the most comprehensive data security standards in a cluster of regulations that have emerged over the past decade. Meeting its requirements is both complicated and expensive for many companies. Learn how a comprehensive access control solution allows retailers and consumer organizations adhere to the core tenets of PCI, and delivering the necessary information and reports needed for compliance audits.Download this white paper |
Whitepaper: Control System Cyber Vulnerabilities and Mitigation of Risk for Utilities
Today's global industrial infrastructure includes thousands of electric utilities, water/wastewater management companies, oil and gas suppliers, chemical manufacturers and other facilities critical to daily functioning. Learn why relying on off-the-shelf operating systems and Internet-based remote access control to carry out production tasks, traditional control networks can leave today's global industrial infrastructures vulnerable to hackers, extortionists, worms, viruses and application-level attacks. Deploying network-based security can protect these at-risk systems–without requiring infrastructure replacement.Download this white paper |
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
|
Process Automation with Symantec
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. 
Download this new white paper today!
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
