SANS Institute: Gullible PC Users a Threat to Security

November 29th, 2007 - 2:16 am ICT by admin  

One of the biggest security vulnerabilities for computers and networks is sitting in front of the desk. According to the SANS Institute’s annual report on the Top 20 Internet Security risks, released Tuesday, “users who are easily misled” ranks with custom-built applications as the top targets for attackers.

The report cites several cases, based on real events, that illustrate the real-world implications of today’s security challenges.

Real-World Scenes

In one instance, hundreds of senior federal officials and business executives visited an infected political think-tank site, and their computers became zombies. Keystroke loggers installed on their machines captured user names and passwords for their personal bank accounts, their stock trading accounts, and their employers’ computers, and sent them to the attackers in various countries. Money and sensitive data was lost.

In another case, a teenager simply visited a Web site with an old version of a media player. A video started to play as soon as she entered the site, helping to install a keystroke logger on the machine — the same computer her father used for his online bank account. The account was emptied by the attackers. Although the bank later reimbursed him, U.S. law enforcement officials discovered that the money went to a terrorist group that recruited suicide bombers.

In a third case, a custom-made program had a programming error that allowed criminals to take private patient records from a hospital. The hospital had to choose between paying extortion or having the records disseminated on the Internet.

Five Minutes Before Attacks

These and other horror stories illustrate the security landscape as presented by the SANS Institute report, the collective effort of 43 security experts from government, industry, and academic in several countries. The Institute, founded in 1989 as a cooperative research and education organization, conducts information security training and certification.

The Institute’s report presents a…

Related Stories

Tags: , , , , , , , , , , , , , , , , , , ,

Posted in Technology Industry News |

Subscribe