Hackers Now Turning to Software Applications

According to director of research Alan Paller for the SANS Institute, with operating systems becoming more difficult to hack, malware authors are increasingly turning their attention towards software applications. Paller was speaking at the San Francisco, USA held RSA Security Conference that GCN reported on April 23, 2009.

Says Paller that 90% of the latest hacking codes attack software applications, a considerable rise during last year (2008). Further according to him, while those writing operating systems always drive their experts to develop secure software, the application guys in this respect have always been indifferent.

In fact, a new survey of 200 enterprises by Forrester Consulting that Veracode Inc. commissioned discovered that 62% of respondents had suffered a breach of security on their computers during 2008 owing to security flaws in critical applications.

Besides, in spite of the magnitude of vulnerability this represents, merely 13% of those queried stated that they were aware of the quality of security of their programs, while merely 34% said that they had an all inclusive software that incorporated application security.

Also according to the security experts, the growing tendency of un-secured applications is a factor responsible for attacks against authentic websites, through malicious codes. Said director of security research Danny Allan for IBM Rational that the dramatic growth in the volume of malware that was found on authorized websites during 2008 had pushed the demand for unearthing malicious code. RedmondDeveloper published this on April 24, 2009.

Moreover, according to Allan, as much as 80% of malware is now being served up through authorized websites where such software has been planted stealthily.

Thus, said Allan that the increasing insecurity of software applications was raising risks for organizations while they conducted business operations online. Therefore he concluded that companies unanimously needed to view the problem as an omnipresent issue that no single organization could do all by itself.

Moreover, the security specialists further said that some amount of diligence was required from software developers as well that could be attained only if the security industry as a whole worked towards it, instead of just hastening to reach the market.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 5/2/2009