November 28, 2005
New Path Of Attack
By Thomas Claburn
Cybercriminals have had it with the limelight. With the law onto them, they've mostly abandoned self-aggrandizing vandalism to concentrate on more clandestine concerns: making money off someone else's data. And to do that, they're now attacking applications rather than operating systems.
A report on the 20 most-critical Internet security vulnerabilities for 2005, released last week by the SANS Institute in conjunction with government representatives from the United States and the United Kingdom, shows an unsettling shift. While most hacking between 1999 and 2004 targeted operating systems and Internet services on Web servers and E-mail servers, that changed this past year. Now, applications and network devices' operating systems have become the primary targets.