10 High Impact Cyber Security Threats in 2008 (3/3)

Security Incidents : 10 High Impact Cyber Security Threats in 2008 (3/3)

Posted by Max on 2008/1/22 1:13:32 (1600 reads)

Having looked at part 1 of the 10 highest security threats for 2008, we've seen the predicted attacks of botnets, cyber espionage and web site attacks . Part 2 shows the risks of Mobile Phone threats, insider attacks, spyware and advanced identity theft. This is Part 3 of the 10 High Impact Cyber Security Threats in 2008 series.

8 Web Application Exploits
Quite a great number of web sites exhibit also a great number of vulnerabilities owing to programming errors, such cross site scripting, SQL injection, etc.Not many attacks were targeting these sites before 2007 since there were other attack vectors with a high potential to create an advantage in illegal economic or information access.

However, recently, programming errors have been seen more and more as new line of attacks against organizations. For example, Web 2.0 applications are exposed to threats because user-supplied data is unreliable; your script running in the users' browser still represents "user supplied data."

9 Social Engineering
Of great impact are now those combined approaches which turn a lot of more common attacks into increasingly dangerous hits. A good example in this case would be the notorious phishing which is being dramatically amplified by first stealing IDs of users of different technologies. According to SANS Institute event phishing is becoming much more complex.

It seems that tax filing scams as well as scams developed for the U.S. Presidential elections will be a major problem for 2008. If we also consider possible bogus fund raising sites and push it further to who knows, maybe political foul schemes employing digital methods, then we got ourselves all the ingredients for quite "spicy" dish.

10 Supply Chain Attacks Infecting Consumer Devices (USB Thumb Drives, GPS Systems, Photo Frames, etc.) Distributed by Trusted Organizations
Trying to catch up on the fraudulent market, attacks using tools with USB connections and CDs packaged with those tools are increasing their number. Criminals use these products "equipped" with malware to infect victims' PCs and connect them into botnets.

Such attacks based on the same technique are progressively targeting conference participants who receive USB thumb drives and CDs presumably containing just the conference documents with a "bonus" in the form of malicious software.

Part 1: Web Site Attacks, Effectiveness In Botnets, Cyber Espionage using Targeted Phishing
Part 2: Mobile Phone Threat, Insider Attacks, Advanced Identity Theft, Increasingly Malicious Spyware.

Previous article - Next article

Other articles
2010/3/18 8:07:31 - Panda Cloud Antivirus Receives ICSA Labs' First Cloud-Based Certification
2010/3/17 15:49:34 - Open-Source Email Security Taken To The Next Level at WebhostingDay
2010/3/17 15:18:40 - McAfee Warns ABout Scareware or Fake Antivirus Software
2010/3/2 5:22:13 - VeriSign and AVG Will Integrate VeriSign Trust(TM) Seal Within AVG LinkScanner(R)
2010/3/1 7:36:12 - New Stealth Software Protects P2P Users From Lawsuits by Copyright Holders
2010/2/24 13:55:16 - New State of The Art Firewall By Palo Alto Networks
2010/2/24 13:50:26 - Beware of Fake Antimalware Programs Like PCsProtector
2010/2/24 13:38:02 - New Registry Cleaner Guide Helps Your PC Perform Faster
2010/2/3 7:32:43 - PC Login Now (Full version) Available Now For Free.
2010/2/3 7:11:57 - Mitto Named One of 20 Top Web Applications

The comments are owned by the poster. We aren't responsible for their content.