Instead of Employing Highly Precarious, Advanced Attack Techniques, Attackers Capitalize on Hacking
IBM, which has just released its Mid-Year Trend and Risk Report for 2013, states that zero-day attack codes and custom malware pose extreme risk online, however, cyber-miscreants discover that it isn't really essential to employ any sophisticated method for unleashing targeted attack runs.
They, instead of using expensive 0-day assaults, which rely on custom malware for exploiting earlier undetected security flaws, are utilizing increasingly lucrative hacking methods for acquiring admission into corporate computers. Assaults of the ordinary kind namely cross-site scripting and SQL injection remain highly favored methods while delivering APTs (advanced persistent threats), says IBM. Success prevails while exploiting vulnerabilities within frequently used software namely Java and Adobe Flash.
There's another emphasis in IBM's study paper that is hackers have started honing personal skills for gaining the maximum from their campaigns, as they capitalize on Web-surfers' trust in social media, watering-hole assaults and mobile technology.
Leslie Horacek, the report's Senior Editor and IBM X-Force's Global Threat Response Manager states that cyber-criminals, in their latest ploy, are trading social networking A/Cs, a few being compromised of real site members, while the rest fabricated as well as crafted as appearing real via make-belief profiles that also have many contacts on the Web. Cbronline.com published this dated September 25, 2013.
In the meantime, the geographic region dominating in malware-distribution through exploits is USA, which has been facilitating over 42% of the entire malware web-links, while Germany is distantly second at almost 10%.
The 3 most prevalent scams, which IBM noticed luring end-users towards following malicious web-links/attachments within electronic mails, misappropriated online payment firms, internal fax/scanner machines and social networks. Together these 3 main fields are behind over 55% of the entire phishing and scam attacks witnessed in H1-2013 (Jan to June 2013).
Elsewhere Horacek stated that whilst cyber-criminals kept on making the most out of their operational advancements, yet maintaining basic security remained the most efficacious way for overcoming both earlier prevailing and evolving strategic attacks. What happened to be certain was that services and devices claimed as trustworthy were long gone, the expert concluded. Infosecurity-magazine.com published this dated September 24, 2013.
» SPAMfighter News - 03-10-2013