Changing battleground: security against targeted, low-profile attacks
Abhilash Sonwane Cyberoam
If Code Red, Netsky, Nimda and Slammer were the attention seeking, boisterous bunch of Internet threats that struck at
random, today's attacks are crafty in their silence. Methodical and highly targeted, they avoid the limelight. What
looks like a lull today is, in reality, a false sense of calm as attackers continue to launch silent attacks,
siphoning funds, stealing personal identities and confidential information, and carrying out attacks of vendetta
and exploitation.
These threats stalk the Internet world, targeting the lesser known, less defense-ready counterparts and individuals
rather than the well-known entities. As a result, these attacks go unreported.
And it doesn't take a genius to carry out these attacks. All it takes is one ordinary hacker to obtain freely and
openly available malware, crimeware and phishing toolkits to sniff out weak links and exploit individuals and
enterprises.
This paper studies loopholes in individual and enterprise security, and how they are exploited, along with the
existence of current threats and their evolution. It explores how innovation in the security industry must move
towards defense-readiness, taking into account the human factor to recognize anomalous activity and deviation in
user behaviour patterns.
del.icio.us 
digg this
This month's VB100 test saw some major changes and a radical overhaul of the VB100 test methodology - for the first time allowing products to use their 'cloud' look-up systems. John Hawes has all the details.