After years of writing viruses and worms for operating systems and software running on Internet servers, hackers found some new areas to target in 2005, according to an influential report on security trends set to be published Tuesday.

Over the past year, attackers have been switching their focus to network devices, backup software and even the security software designed to protect computers, according to the 2005 SANS Top 20 list of the most critical Internet security vulnerabilities, said Alan Paller, director of research with the SANS Institute, a training organization for computer security professionals.

“In the past 12 to 15 months… attackers have made a massive shift to attack applications,” Paller said in an e-mail interview. “Automated patching started making it harder to find new vulnerable systems, so they went after applications that users are just not patching.”

“Other more sophisticated attackers, looking for new targets, found they could use vulnerabilities in network devices to set up listening posts where they could collect critical information that would get them into the sites they wanted,” he added.

The SANS Top 20 list has been published annually since 2000. It is compiled by representatives from a variety of computer security organizations including the U.S. Computer Emergency Response Team (US-CERT), the British Government’s National Infrastructure Security Co-Ordination Centre (NISCC) and the SANS Internet Storm Center.

The list is designed to give security professionals a quick sense of the industry’s consensus on which commonly targeted security vulnerabilities require their most immediate attention. It has traditionally focused on Windows and Unix vulnerabilities, as well as problems with some server-side applications.
The focus on new client applications and networking products has happened because so many server-side and operating system bugs have been fixed, forcing security researchers to look elsewhere for bugs, said Gerhard Eschelbeck, chief technology officer and vice president of engineering with Qualys Inc., and a contributor to this year’s list. “A lot of the low-hanging fruit has been identified now,” he said. “We really reached a tipping point earlier this year, where people started to look aggressively at client-side applications.”

Security researchers also started looking at vulnerabilities in networking products, thanks in part to a controversial presentation by security researcher Michael Lynn at this year’s Black Hat 2005 conference in Las Vegas. Cisco Systems Inc. sued Lynn after he discussed security problems in the Internetwork Operating System (IOS) software that is used by Cisco’s routers.

Networking products appeared on the SANS list for the first time this year, with Cisco vulnerabilities taking three of the 20 slots. The list also includes nine common application vulnerabilities, two Unix problems and six Windows issues, all of which “deserve immediate attention from security professionals,” according to SANS.

When it is published Tuesday, the SANS Top 20 will be visible here.

By Robert McMillan – IDG News Service (San Francisco Bureau)