Hackers are moving from infiltrating and attacking companies via commercial applications to exploiting in-house programs.
According to HP's 2011 Top Cyber Security Risks Report, publicly disclosed vulnerabilities continue to decline year on year, with 19.5 per cent fewer in 2011 than in 2010, while the marketplace for private vulnerability sharing increased. However, it claimed that vulnerabilities in custom-built applications are escalating.
Talking to SC Magazine, Simon Leech, pre-sales director EMEA at HP Enterprise Security, said attackers are moving to in-house-developed applications because the attack vectors are moving from opportunistic attacks to more targeted ones.
He said: “Vendors would not have signatures to patch vulnerabilities on in-house applications. Our research found that 54 per cent of in-house applications had reflected cross-site scripting (XSS) flaws; 40 per cent had persistent XSS failings; and 86 per cent injection flaws. Protecting and fixing these applications is becoming very relevant to protecting the infrastructure.
“These applications were written in-house and no person expected them to be on the web, so producing secure code becomes vital.”
The report also found that the disclosure of recent vulnerabilities in commercial applications has slowly declined since 2006, dropping nearly 20 per cent in 2011 from the previous year. However, data from the report demonstrates that this decline does not signify decreased risk.
It also found that attacks via exploit kits vastly increased in 2011, with a marketplace developing to trade kits and rewrite code so that it is undetectable by anti-virus software.