CERT-FI releases 2008 Information Security Review

2008-08-27

"CERT-FI is the Finnish National Computer Emergency Response Team whose task is to promote security in the information society by preventing, observing, and solving information security incidents and decimating information on threats to information security." - CERT-FI

CERT-FI publishes quarterly Information Security Reviews, as well as an Annual Report with the most significant events affecting both national and international information security. These reports aim to provide firms, organizations, and private citizens, with information on how to assess their security risks.

Their most recent report discusses:

SQL Injection Vulnerabilities

Cross Site Scripting

Denial of Service

Malware

Phishing

Spam

Software Vulnerabilities

With each topic, the report provides an explanation of how these techniques are used, and gives real-life examples of how companies have dealt with these issues.

In one paragraph, titled 'Targeted attempts to spread Malware', the report states, "CERT-FI has been informed of cases in which Finnish companies have been specifically targeted by attempts to spread malware. Malware has been spread as e-mail attachment files sent to specific and carefully selected groups of recipients." Continuing with, "A typical example of an attachment that includes malware is, for instance, a meeting or conference invitation."

The report also includes a chart that shows a comparison between the first 6 months of 2007 and the first 6 months of 2008. The chart reveals a significant growth in security incidents:

- Vulnerabilities and Threats = 24 in 2007 - 271 in 2008

- Malware = 1067 in 2007 - 1187 in 2008

- Preparation for Attack = 3 in 2007 - 59 in 2008

- Data Break-in = 27 in 2007 - 102 in 2008

CERT-FI states, "The number of incidents handled by CERT-FI has grown by a fourth from last year. Especially the number of notifications of software and Internet service vulnerabilities, attack preparations and realized attacks on information systems have increased compared to last year."

To read the entire report, visit:

CERT-FI Information Security Review 2008

To visit the CERT-FI website, go to: www.cert.fi