Twelve cyber security experts identified and ranked the most damaging and likely attacks to be faced in cyberspace in 2008. Experts included Stephen Northcutt, Ed Skoudis, Marc Sachs, Johannes Ullrich, Tom Liston, Eric Cole, Eugene Schultz, Rohit Dhamankar, Amit Yoran, Howard Schmidt, Will Pelgrin, and Alan Paller.
1. Attacks That Exploit Browser Vulnerabilities and Trusted Web Sites
Attacks increasingly target browser components, such as Flash and QuickTime, because they are not automatically patched when a browser is enhanced with security upgrades. These experts predict more sophisticated attacks that cycle through multiple exploits or disguised threats that attack visitors of trusted websites that convey an assumption of privacy or security.
2. Attack of the Botnets
Deceptive emails with attention-grabbing subject lines that infect an opener with computer worms will use â€œpeer-to-peer controlâ€ that corrupts the userâ€™s computer instead of relying on a central controller. SANS cites the Storm Worm as an example of whatâ€™s to come, but with more veracity.
3. Cyber Espionage seeking large amounts of data using phishing techniques
Nation-state attacks on government systems will expand, seeking more targets and employing greater sophistication. Attackers are expected to exploit newly discovered vulnerabilities in Microsoft Office and techniques that dupe virus checking software.
4. iPhones and VOIP Beware
Since mobile phones are computers â€“ and increasingly ubiquitous â€“ worms, viruses, and other malware will target them. Vulnerabilities of VoIP phones are widely published on the Net, along with attack tools to exploit these vulnerabilities. The experts see these as a target of choice.
5. Insider Attacks
â€œGoing Postalâ€ may look more like a hacker attack in new cyber era. Disgruntled employees with some tech savvy can attack their employers from the inside, but cyber warfare also enables them to attack from afar with their insider knowledge and legitimately granted access.
The remaining five of the Top 10 cyber security threats from the SANS Institute:
6. Advanced Identity Theft from Persistent Bots
7. Increasingly Malicious Spyware
8. Web Application Security Exploits
9. Increasingly Sophisticated Social Engineering Including Blending Phishing with VOIP and Event Phishing
10. Supply Chain Attacks Infecting Consumer Devices (USB Thumb Drives, GPS Systems, Photo Frames, etc.) Distributed by Trusted Organizations