SANS: Multiple-exploit attacks on trusted sites tops ’08 threat list | SC Media
Breach, Mobile

SANS: Multiple-exploit attacks on trusted sites tops ’08 threat list

January 15, 2008

Attack tools cycling through multiple exploits and targeting trusted websites, increasingly sophisticated botnets, and cyberespionage from China and other nations that deploys targeted spear phishing to steal large amounts of data are the most significant threats to be faced 2008, according to SANS Institute's annual Top 10 list of security menaces.

 

The SANS list, released Monday, also includes threats to mobile phones (particularly iPhones); insider attacks; advanced identity threat from “persistant” bots; increasingly malicious spyware; web application security exploits; social engineering that blends phishing with VOIP and event phishing; and supply-chain attacks infecting consumer devices distributed by trusted organizations.

 

SANS cited increasingly sophisticated attacks that exploit browser vulnerabilities on trusted websites as the top-rated cyber menace on its list, which relects the consensus view of a panel of 12 internet security experts.

 

The institute also bluntly warned that state-directed data theft espionage from China and other countries will expand in 2008, "[with] more targets and increased sophistication [that] will mean many successes for the attackers.”

 

According to the SANS report, China and other nation-states engineered massive penetration of federal agencies and defense contractors in the United States in 2007, resulting in the theft of terabytes of data.

 

“Economic espionage will be increasingly common as nation-states use cyber theft of data to gain economic advantage in multinational deals,” SANS warned, adding that targeted spear phishing utilizing socially engineered attachments likely will be the method of choice used in these espionage efforts.

 

Regarding the top-rated threat on its 2008 list, the institute warned that attacks on browsers now constitute a two-pronged offensive: attackers are targeting components, such as Flash and QuickTime, that are not automatically patched when the browser is patched; more ominiously, attackers also are mounting attacks based on scripts that cycle through multiple exploits.

 

 “[These scripts] cycle to even more sophisticated attacks that increasingly utilize packaged modules that can effectively disguise their payloads,” SANS warned in its report, entitled “Top Ten Cyber Security Menaces for 2008.”

 

SANS noted that one recent module, mpack, has been able to exploit up to 25 percent of the browsers that visit trusted sites infected with the module, which placed exploit code on these trusted sites.

“Placing better attack tools on trusted sites is giving attackers a huge advantage over the unwary public,” according to the SANS report.    

 

Regarding botnets, SANS predicted that more sophisticated variants of the notorious Storm worm are likely to emerge this year. The Storm trojan, which features peer-to-peer control (and therefore has no central controller that can be taken down), has been used by its creators to fuel the growth of a huge army of zombie computers that have been deployed in a variety of criminal enterprises, most recently in phishing attacks on major banks.

 

“In 2008, additional variants and continually increasing sophistication will keep this worm and other even more sophisticated worms near the top of any list of menaces,” the Institute report stated.


The panel of security experts who compiled the SANS top 10 threat list included Stephen Northcutt, Ed Skoudis, Marc Sachs, Johannes Ullrich, Tom Liston, Eric Cole, Eugene Schultz, Rohit Dhamankar, Amit Yoran, Howard Schmidt, Will Pelgrin, and Allan Paller. 

prestitial ad