4. Targeted attacks
Because this is a broad category, it is the most difficult to defend against, Young says. These attacks are custom designed for individual businesses or employees of companies in an effort to gain access to valuable resources. They may combine a number of techniques such as phishing, exploiting application or Web vulnerabilities and use of bots.
"One common element is they manipulate you to take action yourself [such as clicking on a bogus URL] in order to work," he says.
These attacks are most often launched for economic gain, which can range from stealing personal data for resale, compromising intellectual property or holding a business for ransom by demonstrating the ability to take down the corporate network. In the latter case, businesses may decide to pay ransom because it is less expensive than network failure.
The steps that businesses can take are a collection of best practices such as human resource screening to defend against disgruntled employees, service protection contracts with carriers to fend off DoS assaults, and employee education about social engineering ploys that could get them to compromise the network.
5. Attacks via gaming and virtual reality sites
Attackers have developed exploits in multiplayer games that can take over a player"'s machine when the image of a malicious player crosses the screen, says Ed Skoudis, security consultant with Inteleguardians. This can take the form of bot-like control of the target machine, he says.
The exploit could also be used in virtual reality markets such as Second Life where participants can carry on transactions. "That attack vector is very fruitful," Skoudis says.
6. Browser threats
Public Web sites that are vulnerable to attacks can be seeded with malicious code that in turn attacks or takes over control of machines that connect to the site. This has the potential to undermine the networks that these machines are associated with, Skoudis says.