10 High Impact Cyber Security Threats in 2008 (3/3)

Security Incidents : 10 High Impact Cyber Security Threats in 2008 (3/3)

Posted by Max on 2008/1/22 1:13:32 (1443 reads)

Having looked at part 1 of the 10 highest security threats for 2008, we've seen the predicted attacks of botnets, cyber espionage and web site attacks . Part 2 shows the risks of Mobile Phone threats, insider attacks, spyware and advanced identity theft. This is Part 3 of the 10 High Impact Cyber Security Threats in 2008 series.

8 Web Application Exploits
Quite a great number of web sites exhibit also a great number of vulnerabilities owing to programming errors, such cross site scripting, SQL injection, etc.Not many attacks were targeting these sites before 2007 since there were other attack vectors with a high potential to create an advantage in illegal economic or information access.

However, recently, programming errors have been seen more and more as new line of attacks against organizations. For example, Web 2.0 applications are exposed to threats because user-supplied data is unreliable; your script running in the users' browser still represents "user supplied data."

9 Social Engineering
Of great impact are now those combined approaches which turn a lot of more common attacks into increasingly dangerous hits. A good example in this case would be the notorious phishing which is being dramatically amplified by first stealing IDs of users of different technologies. According to SANS Institute event phishing is becoming much more complex.

It seems that tax filing scams as well as scams developed for the U.S. Presidential elections will be a major problem for 2008. If we also consider possible bogus fund raising sites and push it further to who knows, maybe political foul schemes employing digital methods, then we got ourselves all the ingredients for quite "spicy" dish.

10 Supply Chain Attacks Infecting Consumer Devices (USB Thumb Drives, GPS Systems, Photo Frames, etc.) Distributed by Trusted Organizations
Trying to catch up on the fraudulent market, attacks using tools with USB connections and CDs packaged with those tools are increasing their number. Criminals use these products "equipped" with malware to infect victims' PCs and connect them into botnets.

Such attacks based on the same technique are progressively targeting conference participants who receive USB thumb drives and CDs presumably containing just the conference documents with a "bonus" in the form of malicious software.

Part 1: Web Site Attacks, Effectiveness In Botnets, Cyber Espionage using Targeted Phishing
Part 2: Mobile Phone Threat, Insider Attacks, Advanced Identity Theft, Increasingly Malicious Spyware.

Previous article - Next article

Other articles
2009/11/3 14:55:39 - BitDefender Top Ten Malware Threats for October 09
2009/11/3 14:29:38 - Nov. 09 Microsoft Security Intelligence Report
2009/10/7 15:19:17 - StopSign AntiVirus and Anti-Malware is Windows 7 Compatible
2009/10/7 15:11:26 - New Outlook Backup and Migration Software By Disk Doctors
2009/9/30 4:20:57 - Microsoft Security Essentials, FREE Security Tool Just Released
2009/9/28 14:31:52 - New Rogue Antispyware Cloaked To Infects Computers
2009/9/9 4:31:49 - Trend Micro Proves Leadership in URL Filtering and Web Security
2009/9/9 4:16:20 - New Free Tool to Clean Conficker Once and For All
2009/9/1 8:37:11 - Kaspersky Internet Security 2010 and Kaspersky Anti-Virus 2010 Out Now
2009/9/1 7:54:50 - NEW P2P Advertising Network Protects Users Against Lawsuits And Identity Theft

The comments are owned by the poster. We aren't responsible for their content.