Menu
Popular programmes suffer wave of internet attacks

Popular programmes suffer wave of internet attacks

Internet criminals are increasingly targeting popular applications like backup software and web browsers instead of the operating systems that run them, according to a new report from government and industry security experts.

Attackers are targeting backup and recovery programmes, as well as "the antivirus and other security tools that most organisations think are keeping them safe," according to the SANS Top 20 report for 2005, released yesterday. The shift toward finding and exploiting vulnerabilities in programmes represents a major change from past years, when Windows and other operating systems and internet services like web and email servers were the preferred targets.

"A new wave of attacks concentrated on application programs" in 2005, the report states.

Popular software at risk

In addition to holes in security and backup programmes, critical vulnerabilities in instant messaging programmes, web browsers, file sharing applications, and media players are all listed among the Top 20.

And those vulnerabilities are drawing all the wrong sorts of attention. According to SANS, unwanted network traffic targeting Symantec Veritas BackupExec rocketed to 500,000 instances within days of an announced security hole in the product, up from a previous maximum of about 50,000 instances.

Symantec wasn't alone. Microsoft Office, Internet Explorer, Firefox, and AOL Instant Messenger also suffered from serious reported vulnerabilities, as did RealPlayer and iTunes. Also, according to a previous report from the Yankee Group, the number of flaws reported in antivirus and other security programs is increasing at a far faster rate than for Windows.

Opportunities for criminals

Applications represent an increasingly attractive target because operating systems and internet services have become more resilient after years of steady attacks. Many programs, on the other hand, lack any means for automatic programme updates. The delay between an announced vulnerability and the time that an administrator or home user manually updates the software represents a window of opportunity for internet criminals.

New awareness of critical security holes in the network devices that guide internet traffic represents the second important shift in the Top 20, according to the report.

"Compromises of network devices can provide attackers one of the most fruitful platforms for eavesdropping and launching targeted attacks," it states.

Government organisations within the United States, the United Kingdom, and Canada all contributed to the report, as did internet security companies TippingPoint and Qualys. The SANS Institute has been producing the Top 20 report since 2000.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Brand Post

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments