Cyber-security threats are always evolving as hackers, spammers and other forms of online criminality adapt to the changing security environment of business networks. The exponentially growing and overlapping deluge of cyber-attacks on governments and companies, which are being targeted by criminals and nation-states seeking economic or military advantage, is becoming so large that those responsible for security are having trouble identifying which new threats should take priority in their threat management regimes.

We have compiled a quick, plain-language report that leverages information gained from recent reporting from Symantec, Trend Micro and AWD to help you identify the latest trends in threats to cyber-security.

Patch Your Third Party Applications

Large amounts of targeted emails, known as spear-phishing, are exploiting vulnerabilities found in many commonly used third party applications. Statistically, commonly used third party applications are more vulnerable to being exploited than operating systems because patches for these applications are released more slowly than operating system patches.

The majority of brands used in phishing attacks this quarter (April – June 2010) were in the financial sector, which accounted for 73 percent of the total.

The solution to this is to keep your third party applications up to date as much as possible to ensure that any new vulnerability is not putting computers at risk. Also, do not click on links within emails that are supposedly received from your third party software vendor. Instead, go directly to the vendor's website by typing the web address in your browser or by using a bookmark in your web browser. On average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities.

According to Symantec, the top Web-based attack for the quarter was related to malicious Adobe PDF activity, which accounted for 36 percent of the total.

Web-Based Attacks

Of the total attacks observed on the Internet, 60% involve attacks on web based applications. These widely deployed exploits are turning previously trusted websites into malicious websites serving content containing client-side malware. Web application vulnerabilities such as SQL injection and Cross-Site Scripting flaws in open-source as well as custom-built applications account for more than 80% of the vulnerabilities being discovered.

The greatest problem with this is that, despite a large amount of publicity and publicly available information about the vulnerabilities of web based applications, both open source and custom scripts, website owners fail to scan for them and therefore become unwitting tools for online criminals.

The two main methods of exploiting and compromising servers are brute force password guessing and web application attacks. Microsoft SQL, FTP, and SSH servers are popular targets for password guessing attacks because of the access that is gained if a valid username and password pair is identified. SQL Injection, Cross-site Scripting and PHP File Include attacks continue to be the three most popular techniques used for compromising web sites. Automated tools, designed to target custom web application vulnerabilities, make it easy to discover and infect several thousand web sites.

"Attack Kit" Availability Attracts Novice Hackers

The ease with which novice hackers can now get into the dark hacking arts is attributed to the availability of "attack kits". These kits lower the bar to entry into the shadowy world of Internet attacks. Many of these kits also allow the creation of thousands of variants of known Trojans and other malicious scripts. Because of all the variants, companies need to use additional security measures on top of signature-based detection methods, according to Symantec.

Underground Economy Not Affected by Economic Downturn

While the real economy is affecting household incomes around the world, the underground economy is as big as ever. One trend to emerge from the economic situation is that social engineering techniques have shifted to taking advantage of people facing economic hardships. Phishing and spam attacks involved advertisements and Web sites pertaining to refinancing loans, reducing credit card debt, credit counselling and the like.

This can also lead to more network vulnerabilities due to tight Internet security budgets.

Protect Your Business from Cyber-Attacks

These days, leaving your cyber security to chance means infection is inevitable. The above information is a very brief guide to what vulnerabilities are being exploited more recently worldwide.

AWD is at the forefront of the Internet and business LAN/wireless security industry in Melbourne, Australia, providing firewall installation and configuration, anti-virus and anti-spam, data backup and recovery, mobile phone security, network security audits, pro-active monitoring and threat response.