FROM BANK INFO SECURITY:
Impact of Information Security Trends on Banks, Part 2 : Shift Towards Application Level Attacks:
Many attacks in the past decade have focused on vulnerabilities at the network and operating systems level. Nowadays, hackers seem to be more closely focusing on application level attacks. There are several reasons for this.
- Too many network protocol suits are being used by organizations
- Organizations tend to use too many different operating systems within standard network services
- Too many different applications are used within each PC
There are a lot of applications, so many, that it is much more difficult to keep track of vulnerabilities and patches at this level. This is also reflected within security controls, as there are many robust controls for networks and operating systems, and fewer for application level attacks. Additionally, most controls concentrate on standard services and protocols (e.g. they can detect and block HTTP protocol anomalies, but are unable to protect against more specific application attacks that use those protocols).