In the nearly six months since the release of its last Top 20 vulnerabilities list, the SANS Institute has observed...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
a sharp spike in zero-day flaws, many of them in programs long considered to be safe alternatives to Windows.
SANS researchers also saw a sizable increase in financially motivated zero-day attacks, as well as an ongoing problem with attacks exploiting Web application flaws.
"We've observed 80-90 flaws in Web applications a week," said Rohit Dhamankar, project manager for the SANS Top 20 effort and lead security architect for the TippingPoint division of Marlborough, Mass.-based 3Com Corp. "Immediately after the flaw is disclosed, public exploit code emerges that can compromise back-end data or the Web server quite easily."
The Bethesda, Md.-based institute noted eight trends in its spring update of the Top 20 vulnerabilities list:
The institute described spear phishing as an activity in which the attacker sends an e-mail to as many as one hundred employees. That e-mail appears to be sent by a senior officer and orders the recipient to download a piece of software, implying it is required for security.
"The software is actually a Trojan horse that escapes from the victim's computer, roams through the [network] … gathers and infiltrates important data and leaves a back door through which the attackers can return," the institute said.