September 16, 2009

Security People's Priorities Are Wrong

Security teams are not patching the vulnerabilities that criminals exploit the most, says the SANS Institute.
The U.S. security company SANS Institute has published a new half-year report on the key threats: Top Cyber Security Risks.

In it they note that security people prioritize wrongly: the vulnerabilities they are most concerned with fixing are the ones that computer criminals are least keen to exploit.

In the report, SANS analyzes security data from two different sources, each highlighting the issues from its own side. All data covers the period from March to August this year.

From TippingPoint, they have taken data about actual attacks. The data covers the attacks seen at TippingPoint's 6000 business customers.

From Qualys, a specialist in vulnerability management, they have data on the most widespread security holes across nine million computers at its customers.

The main finding is that computer criminals focus primarily on exploiting vulnerabilities in popular client applications such as Adobe PDF Reader, Quick Time, Adobe Flash and Microsoft Office, and in web applications hosted on servers on the Internet. Far fewer successful attacks exploit vulnerabilities in Windows or other operating systems. The one major exception in the first half was Conficker/Downadup. Buffer overflow attacks against Windows are still popular, but very few of them succeed, because most organizations have effective arrangements in place that quickly patch newly discovered holes in operating systems.
According to data from Qualys, it now takes an average of 15 days from the time a vulnerability in an operating system becomes known until half of corporate customers have installed the fix. For client applications such as Flash and Java, this period is 90 days.
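
The "days until half of the customers have installed the fix" figure can be measured on your own inventory. The following is an added example, not code from the SANS report or from Qualys; the record layout, category names and all dates are constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

DISCLOSED = date(2009, 3, 10)  # constructed disclosure date, not from the report

def rows(category, delays):
    """Build constructed scan records; a delay of None means still unpatched."""
    return [(f"{category}-{i}", category, DISCLOSED,
             None if d is None else DISCLOSED + timedelta(days=d))
            for i, d in enumerate(delays)]

# Constructed sample inventory: (host, category, disclosed, patched_on)
SAMPLE = (rows("operating system", [5, 9, 14, 21, None])
          + rows("client application", [20, 95, 110, None, None, None])
          + rows("java runtime", [30, None, None, None]))

def patch_half_life(records, as_of):
    """Days from disclosure until half of the affected hosts in each category
    had the fix, or None if that point has not been reached by `as_of`."""
    delays = defaultdict(list)
    for _host, category, disclosed, patched_on in records:
        fixed = patched_on is not None and patched_on <= as_of
        delays[category].append((patched_on - disclosed).days if fixed else None)
    result = {}
    for category, values in delays.items():
        needed = (len(values) + 1) // 2  # hosts needed to reach 50 percent
        done = sorted(v for v in values if v is not None)
        # Unpatched hosts stay in the denominator; dropping them would make
        # slow-moving categories look healthier than they are.
        result[category] = done[needed - 1] if len(done) >= needed else None
    return result

def patched_only_median(records):
    """Median delay over patched hosts only: the misleading shortcut."""
    delays = defaultdict(list)
    for _host, category, disclosed, patched_on in records:
        if patched_on is not None:
            delays[category].append((patched_on - disclosed).days)
    return {category: median(values) for category, values in delays.items()}

if __name__ == "__main__":
    print("half-life:   ", patch_half_life(SAMPLE, date(2009, 8, 31)))
    print("patched-only:", patched_only_median(SAMPLE))
```

A category that reports `None` has not reached the halfway point at all, which the patched-only median hides.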

Four of the thirty most widespread security holes among Qualys' customers were Java flaws for which effective fixes have been available since 2007.

Web applications are attacked through cross-site scripting and SQL injection. SANS Institute notes that most companies fail to scan for such flaws.

"Attacks against web applications constitute more than 60 percent of attacks over the Internet," states SANS, and adds: "Web application vulnerabilities such as SQL injection and cross-site scripting in open source and custom applications account for more than 80 percent of discovered vulnerabilities."

Attacks based on PHP File Include and brute-force password guessing are also used to compromise web servers.

Web servers running SQL, FTP, or SSH are as vulnerable to automated password guessing as they are to attacks against web applications. Outsiders who manage to guess even a couple of user names and passwords can quickly move on to tapping internal information or hacking internal devices.
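
The pattern described here, a burst of automated guesses followed by a successful login from the same source, can be detected in authentication logs. The following is an added example, not part of the SANS report; the log lines are constructed in OpenSSH's syslog format, and the threshold, window and year are assumptions to tune.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def detect_guessing(lines, threshold=5, window=timedelta(minutes=5), year=2009):
    """Return (kind, ip, user) findings: 'guessing' when a source reaches
    `threshold` failures inside `window`, and 'login-after-guessing' when a
    source already flagged for guessing then logs in successfully."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged, findings = set(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                findings.append(("guessing", ip, user))
        elif ip in flagged:
            findings.append(("login-after-guessing", ip, user))
    return findings

# Constructed sample log: five rapid failures, then a success from that source,
# plus one ordinary user who mistypes a password once.
TRIED = ["invalid user admin", "root", "invalid user test",
         "invalid user oracle", "backup"]
SAMPLE = [
    f"Aug 12 03:14:0{i} web01 sshd[4101]: Failed password for {u} "
    f"from 203.0.113.7 port 4011{i} ssh2" for i, u in enumerate(TRIED, 1)
] + [
    "Aug 12 03:14:09 web01 sshd[4101]: Accepted password for backup from 203.0.113.7 port 40117 ssh2",
    "Aug 12 08:30:10 web01 sshd[5200]: Failed password for alice from 198.51.100.20 port 51000 ssh2",
    "Aug 12 08:30:21 web01 sshd[5200]: Accepted password for alice from 198.51.100.20 port 51002 ssh2",
]

if __name__ == "__main__":
    for finding in detect_guessing(SAMPLE):
        print(finding)
```

The `login-after-guessing` finding is the one to escalate, since it marks the point where guessing may have turned into access.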

That so many organizations fail to secure their web applications and web servers, and that so many clients continue to run unsecured applications, is, according to the SANS report, the main explanation for why computer criminals can achieve so much by posting malicious code on well-known sites. It also explains why attacks that trick people into opening documents or web pages with vulnerable applications are increasingly successful, as seen from the criminal side.

SANS Institute believes companies should implement two important measures: ensure ongoing patching of client applications such as Adobe PDF Reader, Quick Time, Adobe Flash and Microsoft Office, and guard against SQL injection and cross-site scripting on their websites.

These are the thirty most important application-related vulnerabilities that we should have.

1. WordPad and Office Text Converters Remote Code Execution Vulnerability (MS09-010)
2. Sun Java Multiple Vulnerabilities (244988 and others)
3. Sun Java Web Start Multiple Vulnerabilities May Allow Elevation of Privileges (238905)
4. Java Runtime Environment Virtual Machine May Allow Elevation of Privileges (238967)
5. Adobe Acrobat and Adobe Reader Buffer Overflow (APSA09-01)
6. Microsoft SMB Remote Code Execution Vulnerability (MS09-001)
7. Sun Java Runtime Environment GIF Images Buffer Overflow Vulnerability
8. Microsoft Excel Remote Code Execution Vulnerability (MS09-009)
9. Adobe Flash Player Update Available to Address Security Vulnerabilities (APSB09-01)
10. Sun Java JDK JRE Multiple Vulnerabilities (254569)
11. Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067)
12. Microsoft Office PowerPoint Could Allow Remote Code Execution (MS09-017)
13. Microsoft XML Core Services Remote Code Execution Vulnerability (MS08-069)
14. Microsoft Visual Basic Runtime Extended Files Remote Code Execution Vulnerability (MS08-070)
15. Microsoft Excel Multiple Remote Code Execution Vulnerabilities (MS08-074)
16. Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (MS09-028)
17. Microsoft Word Multiple Remote Code Execution Vulnerabilities (MS08-072)
18. Adobe Flash Player Multiple Vulnerabilities (APSB07-20)
19. Adobe Flash Player Multiple Security Vulnerabilities (APSB08-20)
20. Third Party CAPICOM.DLL Remote Code Execution Vulnerability
21. Microsoft Windows Media Components Remote Code Execution Vulnerability (MS08-076)
22. Adobe Flash Player Multiple Vulnerabilities (APSB07-12)
23. Microsoft Office Remote Code Execution Vulnerability (MS08-055)
24. Adobe Reader JavaScript Methods Memory Corruption Vulnerability (APSA09-02 and APSB09-06)
25. Microsoft PowerPoint Could Allow Remote Code Execution (MS08-051)
26. Processing Font Vulnerability in JRE May Allow Elevation of Privileges (238666)
27. Microsoft Office Could Allow Remote Code Execution (MS08-016)
28. Adobe Acrobat/Reader "util.printf()" Buffer Overflow Vulnerability (APSB08-19)
29. Adobe Acrobat and Adobe Reader Multiple Vulnerabilities (APSB08-15)
30. Windows Schannel Security Package Could Allow Spoofing Vulnerability (MS09-007)