Targeted Attacks, DNS Issues Hit Home in New CSI Report
Sunday, October 5, 2008 at 01:14 From: http://www.darkreading.com/  |
| Insider abuse shows marked drop-off in 13th annual survey by Computer Security Institute |
|
|
OCTOBER 3, 2008 | 5:25 PM By Tim Wilson Enterprises are beginning to feel the heat from two emerging classes of exploits that have emerged over the past year: targeted attacks and DNS vulnerabilities, according to a new study scheduled to be released next week. The Computer Security Institute is preparing to release its 13th annual Computer Crime and Security Survey, which outlines the attitudes and experiences of more than 500 enterprise security professionals over the course of the last year. The full CSI report will be revealed in a webcast to be held on Oct. 8. In a preview of the report, CSI director Robert Richardson said he was struck by the fact that 27 percent of the respondents to the 2008 survey indicated that their enterprises had been hit by a targeted attack -- defined as a malware attack aimed exclusively at the enterprise or at a small subset of the general business population --during the last year. "We've heard a lot of warnings from security researchers about targeted attacks, but what this data says to me is that these attacks are really happening," Richardson says. "They may have been hypothetical a few years ago, but these are a reality today." A similar reality is emerging in the Domain Name Server space, where the recent discovery of design flaws in the Internet's basic naming structure have allowed attackers to develop a new class of exploits. (See Vendors Issue Massive Simultaneous Patch for Common Internet Flaw.) Approximately 10 percent of CSI survey respondents said they have experienced DNS-related incidents, up 2 percent from last year. |
View Printer Friendly Version
Email Article to Friend