main navigation areas

• Home
• About
• Alerts
• Incidents
• CSN
• Library
• Search

SANS Publishes Top 10 List

January 29, 2008

For the last several years, the SANS Institute has published popular lists of the twenty most critical computer and network security vulnerabilities. These lists have provided guidance to many organizations in planning information security efforts.

This year, SANS has also assembled a team of twelve cyber security experts to pool their expertise about emerging attack patterns and put together a list of the ten attacks most likely to cause substantial damage during 2008. There are a number of the usual suspects, but a couple of surprises, like persistent bots and supply chain attacks.

Here is the top 10 list:

1. Increasingly sophisticated web site attacks that exploit browser vulnerabilities
2. Increasing sophistication and effectiveness in botnets
3. Cyber espionage efforts by well-resourced organizations to extract large amounts of data for economic and political purposes
4. Mobile phone threats, especially against iPhones, Google's Android phones, and voice over IP systems
5. Insider attacks
6. Advanced identity theft from persistent bots
7. Increasingly malicious spyware
8. Web application security exploits
9. Increasingly sophisticated social engineering to provoke insecure behavior
10. Supply chain attacks that infect consumer devices

Read more about the threats on the SANS web site.

Computer Weekly has published an article about how to combat these threats.

• contact
• employment