A zero-day attack? | |
A related trend is the big jump in attacks exploiting vulnerabilities in Microsoft's Office suite. Those attacks, which began in May with a zero-day assault against Word, continued through the summer, with Microsoft repeatedly patching the apps. Qualys, a security researcher and SANS list collaborator, says Office vulnerabilities tripled, and about 20% were zero-day vulnerabilities.
VoIP, meanwhile, is a risk to watch. Researchers worry about it being used to attack the conventional phone network. "The traditional phone network has never been accessible to hackers directly," says Rohit Dhamankar, senior manager of security research at 3Com's TippingPoint, "but if you can compromise a [VoIP] server, there's a chance you can craft special messages to the traditional network, perhaps crash the network."