By Byron Acohido, USA TODAY
Two cybersecurity surveys released Monday underscore an ominous shift
in Web intrusions: They are becoming more stealthy and targeted -- and
honed to make a quick buck.
Profit-minded intruders are increasingly carrying out "zero-day"
attacks that exploit new security vulnerabilities on the same day such
flaws become generally known, weeks before patches are available,
according to The SANS Institute security training center.
Security experts say there is no protection against such
intrusions. "A zero-day attack takes you through the M&M shell you
have around your computer into the soft chewy center," says Scott
Carpenter, security lab director at Secure Elements. "It bypasses all
the security you've put in place."
The pattern breaks from the hacker tradition of swamping the Internet
with nuisance viruses mainly for bragging rights. "We're losing the
tsunami effect and instead getting wave after wave of smaller, more
intense attacks to get on your machine and steal useful information,"
says Vincent Weafer, senior director of Symantec Security Response.
Meanwhile, identity data held by corporations and government agencies
is being widely exposed on the Web by unsuspecting insiders, according
to a survey of 100 organizations by security firm Reconnex. "For the
most part, it's good people doing bad things unintentionally," says
Reconnex CEO John Peters. "If the data does get into the wrong hands,
it could be damaging."
Among key survey findings:
. Insider exposure. An estimated 78% of companies expose Social
Security numbers in a way that the data can be leaked, while 40% of
companies expose credit card numbers, Reconnex says.
. Applications targeted. Attackers have begun probing software
programs, such as Apple QuickTime/iTunes, Windows Media Player and
Macromedia Flash Player for security holes. They've also targeted
database-storage applications, such as Oracle and Veritas Backup, SANS
says.
. Browsers under siege. In recent months, Apple, long thought immune
to intruders, has issued two patches to quell attacks of its Safari
Web browser; Microsoft has had to scramble to patch three Internet
Explorer zero-day attacks; and Firefox has been patched 11 times, SANS
says.
Copyright 2006 USA TODAY, a division of Gannett Co. Inc.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or)
http://telecom-digest.org/chat/index.html
For more news headlines from USA Today, please go to:
http://telecom-digest.org/td-extra/internet-news.html