10 High Impact Cyber Security Threats in 2008 (1/3)

Security Incidents : 10 High Impact Cyber Security Threats in 2008 (1/3)

Posted by Max on 2008/1/18 8:27:42 (614 reads)

Twelve cyber security experts, with considerable knowledge and an impressive background about potential attack patterns, joined their efforts to come up with a list of the most probable and the most serious attacks that lie in wait for 2008.

Below we offer their list in rank order:

1.Increasingly Web Site Attacks- Especially On Trusted Web Sites
Web site attacks on browsers tend more and more to be directed at components such as Flash and QuickTime. A reason for that is that they are not automatically patched along with the browser. One can’t help but notice how web site attacks have come a long way from uncomplicated ones to more complex attacks using scripts that go successively through multiple exploits to even more elaborate attacks that employ packaged modules in order to mask with efficiency their payloads.

Among most recent such modules, mpack, exploits browsers that access sites infected with the module with an allegedly 10-25% success rate. However, hackers have taken the game to another dimension. Trusted sites are now being compromised with malicious codes and this will only take by surprise the unsuspecting users that rely on the unquestionable security of these sites.

2.Increasing Sophistication And Effectiveness In Botnets
The infamous Storm worm (which actually did not belong to this category) began its “journey” in January, 2007. The firestarter email that initiated its spreading stated "230 dead as storm batters Europe," and would be accompanied shortly after by different variants.

It only took it a week to be responsible of one out of every twelve infections on the Internet. It installed rootkits and turned every infected system into a member of a new generation of botnet. If earlier botnets used centralized command and control, the ingeniosity of Storm worm was in using peer-to-peer control, so that there would not be any central controller to deal away with. Different versions have used messages with various subjects and enhanced the abilities of the rootkit.

Due to a persistently developing of this worm and also of some even more “refined” ones, worms will hold on to their bad name in 2008 as well.

3.Cyber Espionage using Targeted Phishing
Last year, a great sensation in the security world was the immense breach into federal agencies and defense contractors and the theft of terabytes of information by the Chinese and other nation states. For this year is expected, in spite of rigorous analysis, an expansion of these nation-state attacks.

One thing to raise the steak will be the economic espionage which will become quite familiar as nation-states trying to achieve economic advantage will resort to cyber theft of data to do that. The arsenal will include phishing with attachments and sophisticated technology employed to persuade users such an attachment is sent by a trusted source, as well as new disguising techniques to avoid virus checking.

Part 2 : Mobile Phone Threat, Insider Attacks, Advanced Identity Theft, Increasingly Malicious Spyware
Part 3: Web Application Exploits, Social Engineering, Supply Chain Attacks.

Previous article - Next article

Other articles
2008/8/21 15:52:01 - BitRoll and Torrent101 Used to Distribute the Lop Adware
2008/8/20 15:06:33 - FRAUDFacts Helps You Fight Identity Theft and Fraud for Life
2008/8/13 16:42:03 - 10 Million Zombies Are Spreading Spam and Malware Every Day
2008/8/11 9:03:35 - Nearly $8.5 Billion Lost by US Consumers because of Online Threats
2008/8/8 6:35:36 - EDS' Eight Tips for Consumers to Protect Themselves from Identity Theft

The comments are owned by the poster. We aren't responsible for their content.