So who do you believe? What are the biggest exposure points that you should be wary of. In specific, where should we focus our defenses in our PC environments?
Here are some recent assertions about what you should be concerned about...
Here are some recent assertions about what you should be concerned about...
Forbes.com, “Top 10 Security Issues That Will Destroy Your Computer In 2013”
- Targeted Attacks
- VIRUSES
- TROJANS
- WORMS
- SPYWARE
- Fake software
- Phishing
- Drive-by downloads are automatic attacks
- Ransomware
- Rootkits
- Botnets
One Billion Chime In...
So forget what you’ve been told,
Microsoft's latest Security Intelligence Report, released Wednesday, is based
on data collected in the last half of 2012 from a billion Windows computers in
more than 100 countries. The data was collected through Microsoft's Malicious
Software Removal Tool, Microsoft's real-time endpoint protection products,
Hotmail accounts and Bing.
A key finding is that browser
attacks became the greatest threat to enterprise networks, surpassing
Conficker, a computer worm that infected more computers than any other since
2003's Welchia. At its height, the self-propagating malware that exploits flaws
in Windows software infected millions of computers in homes, businesses and
government agencies in more than 200 countries.
Today, Conficker has taken a
backseat to Web-based attacks through the browser. The use of malicious
JavaScript code and HTML inline frames (iFrames) topped the list of exploits.
Both have gained in popularity because of the development tools available
through the BlackHole exploit kit popular with cybercriminals.
The use of iFrames registered a
multi-quarter decline until the fourth quarter of last year, when detection
rates nearly doubled, Microsoft said. Hackers who embed iFrames in Web pages
use them to link to pages that host malware. Seven in 10 threats affecting
enterprises were delivered through malicious websites, according to Microsoft.
Attackers have been increasingly
targeting the browser over the last couple of years, so it's no
surprise that
these types of exploits would eventually take the lead. The trend points to the
need to develop a different mechanism for interacting with the Web.
While Microsoft remains committed
to Internet Explorer, the company is experimenting with a client-side
architecture that would replace the browser with a more secure virtualized
environment that isolates Web applications. Called Embassies, the technology
would have applications run in low-level, native-code containers that would use
Internet addresses for all external communications with other applications.
"Reducing the power and
access of the browser to the OS is a great way to minimize the attack
possibilities of the hacker," said Wolfgang Kandek, chief technology
officer for Qualys.
On the PC, companies can bolster
browser security by always using the latest version and minimizing the use of
plugins, particularly Java and Adobe Reader. In addition, filtering Web
browsing through a third-party service that track malicious URLs is also
recommended, along with user education about Web threats.
The second most popular exploit
was PDF and Word documents, followed by Java and the Windows operating system,
respectively.
Source(s):
Source(s):
So “Once more unto the breach, dear friends, once more;”
____________________________________________________________
About Rick Ricker
An IT professional with over 21 years experience in Information Security, wireless broadband, network and Infrastructure design, development, and support.
For more information, contact Rick at (800) 399-6085
No comments:
Post a Comment
Thanks for your input, your ideas, critiques, suggestions are always welcome...
- Wasabi Roll Staff