Cyber attackers are focusing on application programs

Published 23 November 2005

Analysts are noticing a worrisome trend: cyber-attackers are increasingly targeting application programs, including backup systems and antivirus software. In the past, cyber-attacks focused on operating systems such as UNIX and Windows, but the use of software patches for known computer vulnerabilities has thwarted hackers’ efforts to exploit weaknesses in operating systems. Faced with more robust operating system security, cyber-attackers are now focusing on software applications, such as media players like iTunes, as well as Internet Explorer. This year’s SANS Top 20, a consensus list of critical computer vulnerabilities produced by computer security experts, reflects a changing threat profile that may expose new and unprotected elements of computer security. U.S. government security experts agree that criminals are targeting these new vulnerabilities. “[The US-CERT] received reports of important system compromises using vulnerabilities in backup products within a few days of the public disclosure of vulnerabilities in those products,” Jerry Dixon, director of US-CERT, said in a statement.

Read more in this CQ report (subscription required); for the SANS Top 20 list, see the SANS Web site.