Computer hackers target security products

SANS Institute reveals top 20 security flaws

Computer hackers have stepped up efforts to exploit flaws in information security software, according to research backed by the Home Office.

Over the past 12 months cyber criminals have shifted their attention from targeting holes in Windows and Unix software to attacking data back-up, recovery and antivirus products, according to the annual SANS Institute Top 20 security vulnerability report.

According to the study, which includes contributions from the UK's National Infrastructure Security Co-ordination Centre, criminals are using automated harvesting software to gain access to sensitive information stored in back-up systems.

SANS' director of research, Alan Paller, says many IT departments are failing to patch vulnerable data back-up software and storage systems and are therefore leaving their most important digital assets open to theft.

'Many of the owners of these systems do not know that their systems are vulnerable because the vendor no longer has their email, as they may have changed their address, and because backup software users rarely check for updates,' said Paller.

'Sadly, that's where most the most valuable data is stored, because people only back up important information.'

While Windows and Unix flaws are still being exploited, hackers are also eavesdropping and launching targeted attacks on businesses using security holes in network routers and switches.