Homeland Security Watch

News and analysis of critical issues in homeland security

February 11, 2008

SANS Issues Top 10 Cyber Threats for 2008

Filed under: Cybersecurity — by Jonah Czerwinski on February 11, 2008

Twelve cyber security experts identified and ranked the most damaging and likely attacks to be faced in cyberspace in 2008. Experts included Stephen Northcutt, Ed Skoudis, Marc Sachs, Johannes Ullrich, Tom Liston, Eric Cole, Eugene Schultz, Rohit Dhamankar, Amit Yoran, Howard Schmidt, Will Pelgrin, and Alan Paller.

1. Attacks That Exploit Browser Vulnerabilities and Trusted Web Sites
Attacks increasingly target browser components, such as Flash and QuickTime, because they are not automatically patched when a browser is enhanced with security upgrades. These experts predict more sophisticated attacks that cycle through multiple exploits or disguised threats that attack visitors of trusted websites that convey an assumption of privacy or security.

2. Attack of the Botnets
Deceptive emails with attention-grabbing subject lines that infect an opener with computer worms will use “peer-to-peer control” that corrupts the user’s computer instead of relying on a central controller. SANS cites the Storm Worm as an example of what’s to come, but with more veracity.

3. Cyber Espionage seeking large amounts of data using phishing techniques
Nation-state attacks on government systems will expand, seeking more targets and employing greater sophistication. Attackers are expected to exploit newly discovered vulnerabilities in Microsoft Office and techniques that dupe virus checking software.

4. iPhones and VOIP Beware
Since mobile phones are computers – and increasingly ubiquitous – worms, viruses, and other malware will target them. Vulnerabilities of VoIP phones are widely published on the Net, along with attack tools to exploit these vulnerabilities. The experts see these as a target of choice.

5. Insider Attacks
“Going Postal” may look more like a hacker attack in the new cyber era. Disgruntled employees with some tech savvy can attack their employers from the inside, but cyber warfare also enables them to attack from afar with their insider knowledge and legitimately granted access.

The remaining five of the Top 10 cyber security threats from the SANS Institute:

6. Advanced Identity Theft from Persistent Bots

7. Increasingly Malicious Spyware

8. Web Application Security Exploits

9. Increasingly Sophisticated Social Engineering Including Blending Phishing with VOIP and Event Phishing

10. Supply Chain Attacks Infecting Consumer Devices (USB Thumb Drives, GPS Systems, Photo Frames, etc.) Distributed by Trusted Organizations



Comment by William R. Cumming

February 11, 2008 @ 9:32 am

This fall will mark 11 years since the “Marsh Commission” (former Air Force General) led the President’s Commission on Critical Infrastructure Protection to break out cyber security from the traditional physical security melange. Not much progress since then since the U.S. Government continues to buy off the shelf product instead of using its clout to buy protected cyber systems. DHS expenditure of over $25B since March 1, 2003 largely spent to destroy legacy systems without fully operating replacements is a scandal. A mere listing of Chief Information Officers, Deputy CIOs, and those involved as appointees with infrastructure cyber protection reveals not just musical chairs but a complete lack of accountability in DHS since March 1, 2003. No real oversight from Congress this year because the DEMS are slavering over the prospects of getting their contractors in place after 2008. No policing of contractor contributions being hidden in contract costs is occurring. Hey, once Rome started to rely on contractor help it staggered and fell from the costs of operations, not the barbarians.

Comment by Christopher Tingus

February 18, 2008 @ 2:37 pm

Thank you, William R. Cumming, for your insight as to the reality of what I perceive as a very dangerous policy to continue as cyber threat becomes even more sophisticated and more likely.

Obama says that “Our nation is at war” well Senator Obama, today as never before we are in peril as the Democrats and Republicans continue to utilize spin and pr with their respective special interests, however it is we the people who are the special interests, the men and women who work everyday to support the local, state and national town hall, state house and Senate and House of Representatives.

For those of us who have had some affiliation to IT/software development, we know the significance of increasing numbers of those wishing to commence cyber attacks on our various computers.

While I cannot find a Presidential candidate who truly wants to outline in detail just how they propose to address the numerous issues before us, I believe that specific bi-partisan US budgetary concerns should be identified with cyber threat at the top of the list with a select other priorities.

It is disheartening to learn that we seem not to acknowledge such given the examples cited and the politicizing that continues.

You can bet that Chinese officials are spending considerable monies in technology. You can bet that those select few in the Middle East and especially in Iran who understand the significance of the effects of cyber attack.

I am so disgusted at the politics of these two major parties who claim so much compassion for Democracy and the citizen when we continue our stride to become a third world nation!

Wake up America! To the Presidential candidate….give us detail, not buzz words such as change…In Massachusetts, we heard the slogan, Together we can…From Washington, we hear, “Change” while our fiscal and economic policies fail each of us.

We are at war! We are at war! Let us prepare by being prepared. Address our very specific concerns.

It is time to wake up as the technological developments of this century promise much, yet could change society and Life here and everywhere as one could never imagine! We must prioritize our budget expenditures and be accountable for every dollar.

Christopher Tingus
Harwich, MA USA
