@Risk

Many businesses remain extremely vulnerable to security attacks that can damage brand reputations and business operations, according to a new report from security experts TippingPoint, SANS Institute, and Qualys.

Unfortunately, it appears that security attacks are growing in quantity, frequency, and severity of impact. What’s more, it’s becoming increasingly difficult to gauge which threats pose the greatest risk. This new “Top Risks Report” highlights the most significant attacks over the last six months and offers insights about how companies can minimize their vulnerabilities, while preparing their defenses.

“By combining information on attacks with data on specific vulnerabilities, we can provide organizations with real, actionable information for protecting their systems,” says Alan Paller, director of research for the SANS Institute. “Our goal in releasing this is to give overwhelmed security professionals the tools they need to prioritize their resources and security practices to achieve the best protection for their network.”

Here are a few key findings from the report:

• Unpatched popular client-side applications put businesses at risk for data theft. PC applications often remain unpatched, compromising these machines to be used to propagate attacks and compromise internal computers. This leaves a window open for hackers to steal critical data, impact network performance and affect business continuity. Examples of these applications include Adobe Acrobat Reader, Microsoft Office and Apple QuickTime.

• The number of Web application attacks is increasing, elevating the threat posed by previously trusted Web sites. Web applications comprise more than 60% of the total attack attempts occurring on the Internet. These vulnerabilities are being exploited widely to convert trusted Web sites into malicious servers serving client-side exploits.

• Operating system vulnerabilities are decreasing, but still pose a significant threat to an organization’s security resources. Operating systems (OS) have a lower number of vulnerabilities that can be remotely exploited to become massive Internet worms. The Conficker/Downadup is the exception and represents a major hole in many organizations’ security strategy. Attacks on Microsoft OS were dominated by Conficker/Downadup worm variants. For the past six months, over 90% of the attacks recorded for Microsoft targeted the buffer overflow vulnerability described in the Microsoft Security Bulletin MS08-067.

• A growing number of vulnerability researchers is causing a backlog of unpatched software and a greater risk that these will be exploited. The number of people discovering zero day vulnerabilities is growing fast, yielding a growing number of vulnerabilities that remain unpatched – some for as long as two years. This lag time in patching increases the chance of hackers creating exploits targeting those vulnerabilities.

The full report is available here.