
Top 9 Network Security Threats in 2009

"Malware, especially from compromised web sites, was a huge issue in
2008. Many legitimate sites such as MSNBC.com, History.com, ZDNet.com
and many others suffered compromises, in some cases for days. Unlike
the past, the sites looked normal, but unsuspecting web surfers with
vulnerable systems were exploited when they visited these sites.

Search engines were used, such as Google, to compromise systems. This happened in several ways, including:
– Tricking the search engine indexing and results logic to escalate
malicious web sites to the top of the list where users were more likely
to click on it.
– Using the "paid for" or "sponsored links" areas of search engines to direct users to compromised sites.

As predicted, hackers towards compromising end points (individual systems
such as desktops, laptops and servers) and placed less emphasis on
external direct attacks – although this still happens frequently.

On the flip side, we expected botnets to play a larger role in 2008. While botnets increased in size, scope, and sophistication, they weren't used to the scale expected. Basically, botnet controllers were sowing more and reaping less in 2008.

Also, out of the blue, we had the whole DNS exploit issue come back
from the dead. We saw a lot of these in the 90's when DNS was first
used and then we went nearly a decade without many DNS flaws. I don't
think anyone expected a core DNS vulnerability on a worldwide scale.
The good news is that very few known cases of serious exploits
occurred.

Vista had fewer serious security vulnerabilities
than expected. This may be because so few people are migrating to Vista
and many even downgraded to XP. I imagine that if more people were
using Vista, 1) we would find more vulnerabilities and 2) more
attackers would spend time trying to exploit it. Attackers are all
about bang for the buck. If most people are still using XP, they will
focus on XP. It is just that simple."

Here's the list.

#1. Malicious Insiders – Rising Threat

#2. Malware – Steady Threat

#3. Exploited Vulnerabilities – Weakening Threat

#4. Social Engineering – Rising Threat

#5. Careless Employees – Rising Threat

#6. Reduced Budgets – Rising Threat

#7. Remote Workers – Steady Threat

#8. Unstable Third Party Providers – Strong Rising Threat

#9. Downloaded Software Including Open Source & P2P Files – Steady Threat

Read more: http://www.csoonline.com/article/472866/Top_Network_Security_Threats_in_