Second Qualys annual report shows increasing hacker sophistication

The second annual report from Qualys on cybersecurity trends, and compiled from data from HP TippingPoint DVLabs, the SANS Institute and Qualys Research Labs, notes that most serious security issues this year have stemmed from increased use of consumer technologies in the enterprise.

This trend, says the Qualys, includes the download of applications and use of social media tools on company computers, which has opened the door for security risks and attacks through a number of web vectors.

Other issues highlighted in the report include "prolonged and persistent" targetting of web applications, which are said to continue to pose one of the biggest risks to company networks, often due to vulnerabilities in integration points between products.

The real problem, it seems, is the increased organisation and sophistication of attackers.

According to the study, the level of attack sophistication has increased across all attack types, from client side-attacks such as malicious JavaScript, to server-side attacks like PHP file attacks.

Attackers, says the report, have become more organised and increasingly subversive and inconspicuous in the way they execute their attacks.

The research also claims that legacy technology attacks from well-known malware threats continue to be a problem, which Qualys says emphasise the importance of continued protection against already-known threats.

Wolfgang Kandek, the firm's chief technology officer, said that his team collaborated with HP and the SANS Institute to create this report.

"It includes in-depth information on the latest vulnerabilities and threats, to help organisations implement the processes and solutions to best secure their systems and applications and embrace a proactive approach for security", he explained.

Delving into the report reveals that web applications continue to be highly attractive targets for hackers, offering cybercriminals an easy way for organisations to create an interactive relationship between constituents such as customer, employees, and partners, and their back-end systems.

"Because web applications are relatively easy to build and offer inexpensive extensibility, they yield a great deal of value and functionality", says the report, adding that, as a result, the number of web applications continues to grow steadily.

What’s hot on Infosecurity Magazine?