
Part 1 of the 10 highest security threats for 2008 covered the predicted attacks from botnets, cyber espionage and web site attacks. Part 2 covered the risks of mobile phone threats, insider attacks, spyware and advanced identity theft. This is Part 3 of the 10 High Impact Cyber Security Threats in 2008 series.
8 Web Application Exploits
A great number of web sites exhibit a great number of vulnerabilities owing to programming errors, such as cross-site scripting, SQL injection, etc. Not many attacks targeted these sites before 2007, since other attack vectors had a high potential to create an advantage in illegal economic or information access.
Recently, however, programming errors have increasingly been seen as a new line of attack against organizations. For example, Web 2.0 applications are exposed to threats because user-supplied data is unreliable; your script running in the users' browser still represents "user supplied data."
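The point that data arriving from your own browser script is still user-supplied can be shown on the server side. The following is an added example, not code from the original article; the `profiles` table, the field names and the length limits are hypothetical. The handler repeats validation the client script may already have done, binds values as SQL parameters, and escapes stored values when rendering them.

```python
import html
import re
import sqlite3

# Hypothetical rule for this example: names are 1-32 letters, digits, space, _ or -.
NAME_RE = re.compile(r"[A-Za-z0-9 _-]{1,32}")


def make_db():
    """Constructed in-memory database standing in for the site's data store."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE profiles (user_id INTEGER PRIMARY KEY, display_name TEXT, bio TEXT)"
    )
    return db


def save_profile(db, fields):
    """Handle a profile update posted by the site's own browser script.

    The script may already have validated these fields, but the request can be
    forged or altered in transit, so every check is repeated on the server.
    """
    user_id = fields.get("user_id")
    name = fields.get("display_name")
    bio = fields.get("bio")
    if not isinstance(user_id, int) or isinstance(user_id, bool) or user_id <= 0:
        raise ValueError("user_id must be a positive integer")
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise ValueError("display_name has invalid characters or length")
    if not isinstance(bio, str) or len(bio) > 500:
        raise ValueError("bio must be text of at most 500 characters")
    # Bound parameters keep the values out of the SQL text (no SQL injection).
    db.execute(
        "INSERT OR REPLACE INTO profiles (user_id, display_name, bio) VALUES (?, ?, ?)",
        (user_id, name, bio),
    )


def render_profile(db, user_id):
    """Return an HTML fragment; stored values are escaped on output (no stored XSS)."""
    row = db.execute(
        "SELECT display_name, bio FROM profiles WHERE user_id = ?", (user_id,)
    ).fetchone()
    if row is None:
        return "<p>No such profile</p>"
    name, bio = row
    return "<h2>{}</h2><p>{}</p>".format(html.escape(name), html.escape(bio))
```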
9 Social Engineering
Combined approaches, which turn many of the more common attacks into increasingly dangerous hits, are now having a great impact. A good example is the notorious phishing attack, which is being dramatically amplified by first stealing the IDs of users of different technologies. According to the SANS Institute, event phishing is becoming much more complex.
It seems that tax filing scams, as well as scams developed around the U.S. Presidential elections, will be a major problem for 2008. If we also consider possible bogus fundraising sites, and push it further to, who knows, maybe political foul schemes employing digital methods, then we have all the ingredients for quite a "spicy" dish.
10 Supply Chain Attacks Infecting Consumer Devices (USB Thumb Drives, GPS Systems, Photo Frames, etc.) Distributed by Trusted Organizations
As criminals try to keep up with the fraud market, attacks using devices with USB connections, and the CDs packaged with those devices, are increasing in number. Criminals use these products "equipped" with malware to infect victims' PCs and connect them into botnets.
Attacks based on the same technique are progressively targeting conference participants, who receive USB thumb drives and CDs presumably containing just the conference documents, with a "bonus" in the form of malicious software.
Part 1: Web Site Attacks, Effectiveness In Botnets, Cyber Espionage using Targeted Phishing
Part 2: Mobile Phone Threat, Insider Attacks, Advanced Identity Theft, Increasingly Malicious Spyware