Traditional security model of updating patches and complying with regulatory mandates simply cannot keep up with the sophisticated attack methods and is failing many government institutions in the US, SANS Institute reports. This is due to the online attacks becoming more targeted and privileged, when signature-based antivirus engines cannot protect you from the quick-changing malicious codes.
Last year can be narrowed down to two biggest trends – one is duping someone of the staff with a privileged access to the high-value computers (such as senior executives, IT administrators), the other’s targeting the custom-built web applications (half of the total flaws reported in 2007 have been in web applications), which means the browser can be titled the main gateway for malware.
There also has been a clear jump in vulnerabilities found in Microsoft Office products (Word, Excel, Visio etc.)
Comment on Attackers outwit security easily as ever