Monday, November 15th, 2010 - Pure Hacking
1. Smart phones and tablet PCs primary target for hacking attacks
2. Virtualisation and cloud computing raises new access threats
3. Sophisticated web browsers take on complex security vulnerabilities

Sydney, 15 November 2010 – Pure Hacking, the Australian experts in helping organisations protect their information assets, has provided an insight into the prominent attacks and security concerns potentially facing organisations in 2011.

The next wave of corporate attacks

For Ty Miller, CTO, Pure Hacking, the major challenge for Security Officers will be the ongoing popularity of smart phones and tablet PCs. “The demand to integrate these devices into corporate networks will increase. We forecast that this is the next wave for corporate attacks as organisations face security compromises through these new weakest links.”

"Hardware appliances and phone devices that are not patched on a regular basis, or at all, will be a primary target for 2011. Compromising these systems generally goes undetected allowing the attacker to keep control over the device for a longer period of time. Organisations may find that their current security controls are being bypassed, or vulnerable and infected devices are being plugged into their network," he continued.

With smart phone and tablet PC security under threat, this will lead to an increased focus around wireless security and network access controls in an attempt to keep these devices in check. Organisations will have to be diligent as they prevent unwanted systems from being connected to corporate networks.

Not every Cloud has a silver lining

Virtualisation and cloud computing continues to be under consideration with CIOs as they plan to consolidate systems and streamline administration to reduce costs.

According to Miller "Cutting costs does come at a price. Attack vectors against virtualised and cloud environments are often unknown to both CIOs and even hosting providers. The scenario where an attacker could simply purchase hosting at a cloud facility to gain access to your new cloud DMZ is a potential and valid threat."

This raises major security concerns around the privacy of sensitive data being stored on cloud systems.

"Companies hosting their systems in the cloud should be aware of regulations that they must meet, such as PCI DSS (Payment Card Industry Data Security Standard), to ensure that the selected cloud computing provider is security conscious."

Web browser sophistication raises complex security issues

Web browsers will become even more sophisticated throughout 2011 with the inbuilt features continually being extended to provide an enhanced end user experience.

"As systems become more complex and feature rich, managing the security around this also becomes more complex. This leads to vulnerabilities being introduced, and so an increase in client-side exploits will be potentially encountered," outlined Miller.

"These client-side exploits will be used to compromise internal corporate networks through phishing attacks as well as targeting smart phones and tablet PCs."

This will increase the importance of egress filtering and data theft prevention within organisations to stop compromised internal systems connecting back to the attackers.

Pure Hacking is at the forefront of specialist network security services, providing highly skilled penetration testing and design reviews of infrastructure, wireless, VoIP, SCADA, mobile and virtual environments. Pure Hacking's operational security services help organisations' to regain control over their risk by identifying real issues within their network.

Contact Profile

Pure Hacking

Pure Hacking is Australia’s leading dedicated, vendor-neutral ethical hacking company in Australia. Its sole focus is risk and security. Today it provides secure development services, secure code reviews, penetration testing and training modules to a range of clients throughout the Asia Pacific region.
Cathryn van der Walt
P: 0402 327 633


Smart phones, tablet PCs, hacking, hacking atttacks, network security, data theft, cloud computing



More Formats