Top 10 security threats in IT
By Binu Paul, SiliconIndia   |   Monday, 25 October 2010, 16:05 IST   |    4 Comments
Printer Print Email Email
Top 10 security threats in IT
Bangalore: As the world of information technology advances, so is the threats to it are becoming increasingly sophisticated. The world recently saw a stealthy malware called Stuxnet which even exploits 4 zero-day vulnerabilities. The IT industry have realized the danger and so increased amount of attention and investments are being done in the area of data security now. Here are the top 10 IT security threats that should be taken care of. The threats are not listed in any order of severity. Malware This is a software designed to secretly access a computer system without the owner's informed consent. A malware can be installed in many ways including the use of client-side software vulnerabilities. Browsers are the main target for vulnerabilities. Data-stealing malware are on increase now and Bancos, Gator, LegMir and Qhost are a few of them. Web site attacks that exploit browser vulnerabilities Web browser exploitation is the main tool for malware installation used by the cyber-criminals. Web browser vulnerabilities are commonly exploited when the user of the vulnerable host visits a malicious Web site. Web browser vulnerabilities are commonly exploited when the user of the vulnerable host visits a malicious Web site. Such attacks depend upon malicious content being rendered by the appropriate built-in interpreter or vulnerable plug-in technology. The attackers are actively placing exploit code on popular, trusted web sites where users have an expectation of effective security. Malicious insider attacks The insider attacks are being done by disappointed employees, consultants and/or contractors of an organization. A complete elimination of the threat of malicious insiders is not possible. As the insiders have a fair degree of physical and logical access to systems, databases, and networks, these attacks can be severe in nature. Mobile devices In this world of advanced technology, with iPhone worm being an example, there are worms and other malware that specifically target these devices. These attacks can potentially steal banking data and enlist these devices in a botnet. Sophistication of botnets Botnets have become the platform of choice for launching attacks and committing fraud on the Internet. A recent study suggested that more than 100 million computers are currently infected with botnets. Botnets are malware that infect computers and run automatically to compromise large numbers of machines for malicious activity. The present trend is to unleash a large-scale botnet attack to hide more targeted malware attacks against a specific firm. Threats emerging form social networking Social networking sites such as Facebook, Twitter and MySpace can evoke serious threats to organizations. Phishing becomes very successful here by stealing IDs of users of other technologies. The trust component attributed to these sites provides an easy target for identity thieves. As the popularity of these sites grows, the amount of threat is sure to increase as well. Cyber Espionage It is an act of obtaining secrets without the permission of the holder of the information from individuals, organizations, governments etc through the use of cracking techniques and malicious software. Economic espionage is ever increasing nowadays. Web application security exploits The websites with cross site scripting, SQL injection, and other vulnerabilities largely resulted from programming errors. As the user-supplied data is not fully trusted, web 2.0 applications are very much vulnerable. Zero-day attack This is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. These are shared by attackers before the developer of the target software knows about the vulnerability. These attacks are found largely in secure protocols such as SSL and TLS. The zero-day vulnerability could also be in providers. Cloud computing As the world is slowly moving to the next big thing in technology, cloud computing, the threats hidden in that are not to be excluded. Abuse of cloud computing results in spammers, malicious code authors and other web criminals to do their activities easily. Insecure interfaces and APIs are also a threat here. Malicious insiders are a serious concern in cloud computing.