Information security centric blog. Covering administrative, technical and governance security issues. Topics include compliance, microsoft windows, apple osx, solaris, unix and linux technical how-to. Discussions regarding penetration testing, security assessments, and security controls. Opinions related to PCI-DSS, NERC, FERC ISO27000 and other compliance related themes.
Monday, January 18
Targeted Attacks - 2010 Predictions
It doesn't seem long into the new year and we already have two really high-profile targeted attacks,
The one reported at the end of December was a targeted attack on Google and a few other companies using some 0-day code. - Google's release
The other is a new report of defense contractors being targeted using a only-recently patched exploit for adobe acrobat reader. - F-secure's writeup
Not surprisingly, motivation of would-be attackers continues to move from targets of opportunity to targets of value, the surprising thing about it is how quickly this trend is progressing.