|
News
update
about
Information Security industry
2008 is expected to continue
the 2007 trend of increasing size, scope, and concentration of attacks on
computer networks nationwide. Attacks are increasingly more targeted as
malware, worms, and other malicious code to bypass simpler, more
traditional network security systems. The year 2008 will likely see even
greater emphasis on specific attack methods such as cross-site scripting,
application-level attacks, and more client-side compromises. Security
experts see significant new trends including "super worms" and XPATH
injection attacks on the horizon.
Over the past two years
virus writers have increasingly targeted their malicious programs to users
in different regions of the globe, creating programs that are specially
designed to infect users in countries like
In 2006, only a small
percentage of attackers employed camouflaging techniques, but this number
soared to 80 percent during the first half of 2007, and reached nearly 100
percent by the end of the year. The X-Force believes the criminal element
will contribute to a proliferation of attacks in 2008.
In the last ten years, the
risks for enterprise security have grown steadily and new types of attacks
have appeared. These are often combinations of viruses, Trojans or other
malware from a wide range of anonymous sources. At the same time,
enterprise networks are growing ever more complex. A large number of
servers are dedicated to a variety of tasks, while virtualisation combines
multiple systems into one – and compliance with legal requirements must
simultaneously be assured. All these demands have made it increasingly
difficult to protect IT environments.
The underlying trend to note
was the spread of malicious activity across various forms of technology
and applications during the six-month period. It would appear that the
parties behind orchestrating security attacks are conquering more and more
foothold to build a stronger, sustainable commercial economy based on
carefully crafted security attacks targeting consumers, companies and
public sector organisations.
Today's attackers are
increasingly sophisticated and organized, and have begun to adopt methods
that are similar to traditional software development and business
practices. Phishing toolkits are available to help novice attackers
quickly get set up. Phishers do everything they can to make their "bait"
more convincing - use of current events, typo-free, professional looking.
Professional attack kits, like MPack, appear to be professionally written and developed,
and available for sale online. Attackers continue to use bots to silently
slip onto unsecured computers and perpetrate a wide variety of malicious
activity.
|