Information Technology Articles Web Solutions Articles AWD Melbourne

You are here: Media Articles   

Top Current Cyber-Security Threats

Cyber-Security threats are always evolving as hackers, spammers and other forms of online criminality adapt to the changing security environment of business networks. The exponentially growing and overlapping deluge of cyber-attacks on governments and companies being targeted by criminals and nation-states seeking economic or military advantage is becoming so large that those responsible for security are having trouble identifying which new threats should take priority in their threat management regimes.

We have compiled a quick and plain language report that leverages information gained from recent reporting from Symantec, Trend Micro and AWD to help you identify the latest trends in threats to cyber-security.

Patch Your Third Party Applications

Large amounts of targeted emails, known as spear-phishing, are exploiting vulnerabilities found in many commonly used third party applications. Statistically, commonly used third party applications are more vulnerable to being exploited than operating systems because patches for these applications are released slower than operating system.

The majority of brands used in phishing attacks this quarter (April – June 2010) were in the financial sector, which accounted for 73 percent of the total.

The solution to this is to keep your third party applications up to date as much as possible to ensure that any new vulnerability is not putting computers at risk. Also, do not click on links within emails that are supposedly received from your third party software vendor. Instead, go directly to the vendor’s website from your browser by typing the web address in your browser or a bookmark in your web browser. On average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities. On average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities.

According to Symantec, the top Web-based attack for the quarter was related to malicious Adobe PDF activity, which accounted for 36 percent of the total.

Web-Based Attacks

Of the total attacks observed on the Internet, 60% involve attacks on web based applications. These widely deployed exploits are turning previously trusted website into malicious websites serving content containing client-side malware. Web application vulnerabilities such as SQL injection and Cross-Site Scripting flaws in open-source as well as custom-built applications account for more than 80% of the vulnerabilities being discovered.

The greatest problem with this is that despite a large amount of publicity and publicly available information about the vulnerabilities of web based applications both open source and custom scripts, yet website owners fail to scan for them and therefore become unwitting tools for online criminals.

The two main methods of exploiting and compromising servers is brute force password guessing and web application attacks. Microsoft SQL, FTP, and SSH servers are popular targets for password guessing attacks because of the access that is gained if a valid username/password pair is identified. SQL Injection, Cross-site Scripting and PHP File Include attacks continue to be the three most popular techniques used for compromising web sites. Automated tools, designed to target custom web application vulnerabilities, make it easy to discover and infect several thousand web sites.

“Attack Kit” Availability Attracts Novice Hackers

The ease of which novice hackers can now get into the dark hacking arts is attributed to the availability of “attack kits”. These kits lower the bar to entry into the shadowy world of Internet attacks. Many of these kits also allow the creation of thousands of variants of known Trojans and other malicious scripts. Because of all the variants, companies need to use additional security measures on top of signature-based detection methods, according to Symantec.

Underground Economy Not Affected by Economic Downturn

While the real economy is affecting household incomes around the world, the underground economy is as big as ever. One trend to emerge from the economic situation is that social engineering techniques have shifted to taking advantage of people facing economic hardships. Phishing and spam attacks involved advertisements and Web sites pertaining to refinancing loans, reducing credit card debt, credit counselling and the like.

This can also lead to more network vulnerabilities due to tight Internet security budgets.

Protect Your Business from Cyber-Attacks

These days, leaving your cyber security to chance means infection is inevitable. The above information is a very brief guide to what vulnerabilities are being exploited more recently worldwide.

AWD is at the forefront of the Internet and business LAN/wireless security industry in Melbourne, Australia. Providing firewall installation and configuration, anti-virus and anti-spam, data backup and recovery, mobile phone security, network security audits, pro-active monitoring and threat response.

Don’t leave your valuable business data open to criminals, give AWD a call today.

Read more about AWD's Network and Internet Security services