Next Generation Malware Will Target Web Apps
Industry security professionals are warning of increased targeting of web application vulnerabilities, an approach increasingly taken by criminals intent on stealing personal financial information and spreading their malware to others. With botnets increasing probes for security vulnerabilities in hosted applications, the importance of keeping software patches up to date has never been of bigger concern to security professionals.
Industry news sources have published recent articles on the trend: PC World has an article entitled “Beware New Malware in Web Apps,” which warns of increases in SQL injection attacks and even relates the author’s unfortunate experience with a website compromise. With increasing numbers of developers favoring browser-based application over desktop versions, the importance of keeping private data under lock and key has never been higher. Adding to the issue are exploits designed as multiple stage attacks; a server is compromised through a web application vulnerability, and then used to stage attacks against client devices (i.e. drive-by downloads). Instead of simply compromising one system, the target can be used to put thousands of other computers at risk.
As with all issues, this one has a silver lining of sorts: these problems are giving a boost to the market for network security and penetration testing firms. As companies become more aware that security is a process, not a product, hopefully we’ll begin to see an increase in attention to the new classes of online threats that are sure to emerge.
