Businesses face new breed of security threats

By Tim Ferguson, Special to ZDNet Asia
Friday, April 11, 2008 06:16 AM

"Pass the hash" and "metasploit" are two of a breed of emerging security threats facing corporate IT departments.

The key security threats facing businesses range from mutations of established phenomena--such as malware or phishing--to less well-known ones, such as metasploit releases and pass-the-hash attacks.

The most dangerous new security threats were revealed by experts at the RSA security conference in San Francisco this week.

Ed Skoudis, a hacking expert at the Sans Institute, said most security threats stem from the fact that so many applications are now linked to the Internet.

He said: "We've Web-ified all applications."

Among the less familiar new threats are metasploit releases, which target networks by simultaneously attacking a number of vulnerabilities (up to 200) on different platforms, including Windows, Linux and the iPhone.

Pass-the-hash attacks, which use stolen password hashes to access other systems in a targeted network--avoiding more time-consuming password-cracking--were also singled out.

Although this approach has been around for some time, it is only now that it's becoming prevalent. Skoudis said: "These attacks have been around for years but now the tools are out there."

Web site attacks, which plant browser exploits to compromise users, are also becoming more of a problem, as they are able to target well-known, high-traffic sites.

A major threat is browser scripting attacks, which use Web browsers to get through corporate firewalls, allowing access to confidential information.

While not a new threat, the development of botnets remains a big security concern because the "fast flux" approach used by attackers to protect their robotic networks is making the life of botnet investigators difficult.

The security experts also warned about the threat of malware being spread through the use of embedded devices, such as memory sticks--now one of the main ways harmful code is brought into businesses.

Tim Ferguson of Silicon.com reported from London.

0

0 votes

Save to My Library

Talkback 0 comments

There are currently no comments for this post.

Reply to story

Related Whitepapers

Featured Whitepapers

Tech Jobs Now!

TechGuides

Specials
News and Interviews
Whiteboard

UOB banks on economic downturn
Singapore bank's IT chief Susan Hwee explains how financial crisis offers new opportunities to reengineer
Play video
Domino's Pizza keeps customers eating
CEO Don Meij discusses strategy to grow customer base
Play video

Salesforce CEO chatters about new social media platform
Facebook-type app hits the enterprise
Play video
Salesforce demos Service Cloud 2
New Web-based tools for customer service
Play video

Cost Effective, Secure and HA Server Infrastructure for SMBs
Alan Wan from Dell illustrates how small and medium businesses can build a high availability IT infrastructure without requiring heavy investments on skills and resources.
Play video
Enterprise 2.0
Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
Play video