The Next Wave of Web Attacks

An interesting blog entry at ZDNet Australia by Munir Kotadia.
The entry theorizes a new style of attacks. Rather than going to the trouble of setting up a phishing site, and sending out a million emails only to have spam filters stop most of your email, savvy users ignore what gets through, while your phishing site is shut down, attack the trusted e-commerce site.

The cybercriminal underworld is well funded and employs skilled software engineers to develop and test malicious code.
In a recent interview with Trend Micro’s CTO David Rand, he said: “In one case there was at least US$250,000 funding for one piece of malware. That is a lot. It means they can do QA, proper engineering development, testing and a complete product cycle… We think they are cutting edge technologies”.
“Our job, as always, is to anticipate what they are going to do next and create effective countermeasures. If we try to simply play catch up we will never win,” he added.

Are your security defenses up to the challenge?