SANS list shows hacker strategy shift

By
Follow google news

Cyber-criminals have switched targets, the latest edition of the SANS Top 20 reported this week.

For the first time since the annual list was first distributed in 2000, analysts have seen a shift from a vast majority of attacks targeting operating and email systems and web servers to application programs.


The study noted that the "most noticeable" set of applications targeted are backup, recovery and antivirus applications.

"We are seeing a trend to exploit not only Windows, but other vendor programs installed on large numbers of systems," said Rohit Dhamankar, lead security analyst for 3Com's Tipping Point Division.

"These include backup software, antivirus software, database software and even media players. Flaws in these programs put critical national and corporate resources at risk and have the potential to compromise the entire network."

The institute noted important statistic in the Top 20 list is new public awareness of vulnerabilities in network devices.

Jerry Dixon, US-CERT director, also said there is a change in cybercriminals' tactics.

"The US-CERT received reports of important system compromises using vulnerabilities in backup products within a few days of the public disclosure of vulnerabilities in those products," he said.

www.sans.org

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Bendigo Bank aims to have Australia's "first agentic SOC"

Bendigo Bank aims to have Australia's "first agentic SOC"

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Log In

  |  Forgot your password?