15 January, 2008

SANS Institute Security Menaces of 2008

SANS has a list of their "Top 10 Cyber Security Menaces of 2008". Their list includes descriptions and explanations, but here are the 10 headings.


  1. Increasingly Sophisticated Web Site Attacks That Exploit Browser Vulnerabilities - Especially On Trusted Web Sites
  2. Increasing Sophistication And Effectiveness In Botnets
  3. Cyber Espionage Efforts By Well Resourced Organizations Looking To Extract Large Amounts Of Data - Particularly Using Targeted Phishing
  4. Mobile Phone Threats, Especially Against iPhones And Android-Based Phones; Plus VOIP
  5. Insider Attacks
  6. Advanced Identity Theft from Persistent Bots
  7. Increasingly Malicious Spyware
  8. Web Application Security Exploits
  9. Increasingly Sophisticated Social Engineering Including Blending Phishing with VOIP and Event Phishing
  10. Supply Chain Attacks Infecting Consumer Devices (USB Thumb Drives, GPS Systems, Photo Frames, etc.) Distributed by Trusted Organizations


Call me crazy, but doesn't this list basically look like more of the same? It is basically continuing trends from 2007. The people involved with the list are smart and right in the thick of things, but even the descriptions of each item constantly refer to related events that happened in 2007.

On the other hand, it makes complete sense that the most successful and damaging attacks from 2007 would continue in 2008. The attacks that can't get the job done will fade away in favor of successful methods that will continue and evolve once those on defense adjust to current trends.

I guess I just wish they had gone out on a limb with their look forward to 2008 rather than taking the safe bets of the current trends continuing. The only one where I think they really took a stab is blended phishing from number nine.

I don't have much to say about the individual items on the list. Most of them seem on the money. The only one I might question is number five, insider attacks. They state that "insider risk has sky-rocketed", but is the risk really that much higher than it used to be? Insider attacks may be a problem and they may be costly, but I'm not sure the relative risk has sky-rocketed, particularly if you compare the successful insider attacks to successful attacks from outsiders.

Anecdotally, accidental compromises by insiders seemed to get as much or more coverage recently than purposeful insider attacks. Among other things, telecommuting, portable storage, and the proliferation of hand-held devices that are tied to the enterprise don't just make insider attacks easier, but also accidental compromises resulting from insider carelessness. We've all seen the stories of laptops with tens of thousands of personnel records being lost or stolen as a result of poor security practices.

One last note is that I'm curious who they see as their target audience for the Menaces of 2008.
