Menu
Popular programmes suffer wave of internet attacks

Popular programmes suffer wave of internet attacks

Internet criminals are increasingly targeting popular applications like backup software and web browsers instead of the operating systems that run them, according to a new report from government and industry security experts.

Attackers are targeting backup and recovery programmes, as well as "the antivirus and other security tools that most organisations think are keeping them safe," according to the SANS Top 20 report for 2005, released yesterday. The shift toward finding and exploiting vulnerabilities in programmes represents a major change from past years, when Windows and other operating systems and internet services like web and email servers were the preferred targets.

"A new wave of attacks concentrated on application programs" in 2005, the report states.

Popular software at risk

In addition to holes in security and backup programmes, critical vulnerabilities in instant messaging programmes, web browsers, file sharing applications, and media players are all listed among the Top 20.

And those vulnerabilities are drawing all the wrong sorts of attention. According to SANS, unwanted network traffic targeting Symantec Veritas BackupExec rocketed to 500,000 instances within days of an announced security hole in the product, up from a previous maximum of about 50,000 instances.

Symantec wasn't alone. Microsoft Office, Internet Explorer, Firefox, and AOL Instant Messenger also suffered from serious reported vulnerabilities, as did RealPlayer and iTunes. Also, according to a previous report from the Yankee Group, the number of flaws reported in antivirus and other security programs is increasing at a far faster rate than for Windows.

Opportunities for criminals

Applications represent an increasingly attractive target because operating systems and internet services have become more resilient after years of steady attacks. Many programs, on the other hand, lack any means for automatic programme updates. The delay between an announced vulnerability and the time that an administrator or home user manually updates the software represents a window of opportunity for internet criminals.

New awareness of critical security holes in the network devices that guide internet traffic represents the second important shift in the Top 20, according to the report.

"Compromises of network devices can provide attackers one of the most fruitful platforms for eavesdropping and launching targeted attacks," it states.

Government organisations within the United States, the United Kingdom, and Canada all contributed to the report, as did internet security companies TippingPoint and Qualys. The SANS Institute has been producing the Top 20 report since 2000.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments