SANS list shows hacker strategy shift

By

Cyber-criminals have switched targets, the latest edition of the SANS Top 20 reported this week.

For the first time since the annual list was first distributed in 2000, analysts have seen a shift from a vast majority of attacks targeting operating and email systems and web servers to application programs.


The study noted that the "most noticeable" set of applications targeted are backup, recovery and antivirus applications.

"We are seeing a trend to exploit not only Windows, but other vendor programs installed on large numbers of systems," said Rohit Dhamankar, lead security analyst for 3Com's Tipping Point Division.

"These include backup software, antivirus software, database software and even media players. Flaws in these programs put critical national and corporate resources at risk and have the potential to compromise the entire network."

The institute noted important statistic in the Top 20 list is new public awareness of vulnerabilities in network devices.

Jerry Dixon, US-CERT director, also said there is a change in cybercriminals' tactics.

"The US-CERT received reports of important system compromises using vulnerabilities in backup products within a few days of the public disclosure of vulnerabilities in those products," he said.

www.sans.org

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?