[ISN] Attackers Step Away From Mainstream, Target Lesser-Known Apps

From: InfoSec News <alerts_at_private>
Date: Wed, 25 May 2011 02:50:54 -0500 (CDT)

By Robert Lemos
Contributing Writer
Dark Reading 
May 24, 2011

Microsoft has Patch Tuesday. Oracle and Adobe are on regular patch 
cycles, often issuing ten or more patches at once. But many smaller 
vendors haven't yet developed such rigorous patching processes -- and 
that may make them prime targets for new exploits, experts say.

After years of attacking popular Microsoft file formats such as Word and 
Excel, attackers moved on to Adobe's PDF and Flash formats. Today, more 
attacks are focusing on Oracle's Java. As they became subject to more 
frequent attacks, software vendors strengthened their platforms to make 
them more difficult to assault.

But for the most part, smaller software vendors have not had to weather 
the scrutiny of cybercriminals and security researchers. And because of 
this lack of scrutiny, attackers are beginning to develop more targeted 
and sophisticated attacks that take advantage of flaws in less popular 
software that has not had as much rigorous security testing.

"At some point, [attackers] are going to exhaust all the different file 
formats that they can exploit," says Mike Dausin, manager of advanced 
security intelligence for HP TippingPoint's DVLabs. "It was only .exes 
at first, and then it was screen savers, and on and on down the list. 
... As the holes get plugged, [attackers] will likely move on to the 
more exotic formats."


Received on Wed May 25 2011 - 00:50:54 PDT
