Computer users today face a new round of attacks that pose new challenges to both consumers and businesses. These new attack vectors often sidestep traditional security defenses. Hackers, supported by international crime gangs with deep pockets, are accosting consumers and office workers with sophisticated technology.
The threat landscape is changing. Hackers are more determined than ever to steal valuable data, credit card and banking account credentials and much more. Computer hackers, much like the gold diggers of the Wild West of yester-year, are determined to hit the mother lode of sellable business and personal information.
Hackers do not stop trying when they confront more solid computer and network security. Instead of turning back, they develop better methods to trick users into letting them inside network perimeters and computer defenses.
The latest security research shows that the attackers are no longer just going after the low-hanging fruit of organizations. The bad guys are not just picking from places they find with no security solutions in place.
"They are looking at the advanced security solutions that organizations use and are finding ways to get around them as well," Ashar Aziz, CEO of FireEye, told.
Doing Their Homework
Hackers are modifying their attack vectors. They are much more sophisticated now and show a lot more advanced knowledge of corporate networks they target.
One way hackers achieve this goal is learning what holes exist is popular software that the good guys haven't found or patched yet. This is forcing security pros to constantly figure out new defenses.
The predominant theme is highly sophisticated and targeted attacks using novel and previously undisclosed vulnerabilities in commonly deployed applications and vendors such as Adobe (Nasdaq: ADBE), Flash, Web browsers and infrastructure, Aziz explained.
"We are seeing folks launch attacks showing an advanced knowledge of the target's network," Steve Shillingford, CEO Solera Networks, told.
Shut Up and Wait
A new key attack tactic is evasion. Hackers do not leave being discovered up to chance. They build in secrecy.
"We are also seeing more instances where attackers are trying to be more evasive. We've been able to reverse engineer some of the attack codes we've discovered. We see that the attack actually goes quiet if it is detected. It stays dormant until the coast is clear," Bradley Anstis, vice president of technical strategy at M86, told .
A related tactic: The bad guys launch these attacks using what they call attack kits. These attack kits look like normal software applications and mimic many of their behaviors as a way of concealing their presence, he added.
Hide and Seek
Coming into a network in stealth mode helps the hackers recognize all the assets stored there. They have a view of the network landscape and can go after anything they want, Aziz added.
"The persistent thing about these new attacks is their ability to remain undiscovered and continue spying on the network," he said.
Criminal programmers are showing more use of dormant worms and botnets that get a foot in the door and then quietly wait for instructions, according to Shillingford. The Conifker Worm is a good example.
"It is still resident on countless computers and people are still trying to figure out what is is trying to do," he said.
Making End Runs
One of the most surprising changes researches found at the British security firm M86 is an emergence of attacks to get around the newest defensive technologies that organizations are using. These combined attacks split to go after the various elements designed into a Web page.
"If you look at the individual attack elements, they look benign. There is nothing there to suggest anything malignant," said Anstis.
It is only when these elements are combined on an actual Web page the way a browser does that the actual attack raises its head. Methods like these are very hard to block and have security people scurrying, he said.
"This is the first time we've seen the bot attack specifically designed to get around the existing real-time system defenses," said Anstis.
Criss-Cross Connectivity
Mobile devices today, more than every before, are causing havoc with security. The mobility space is drastically changed in the last year. Secure methods such as dial-in and secured VPN nearly guaranteed limited log-in options.
"Mobility is now a game-changer. Dial-in access is replaced with from-anywhere connectivity. Access is now more important to users than remote security. Attackers exploit all of this," Martin Hack, executive vice president of NCP Engineering, told .
Clearly, quite a bit of complacency surrounds remote access. Research has shown that VPN played a major role in high-profile attacks in the last few years, according to Hack.
"It was directly involved even if not the primary connection method. We initially thought VPN was incidental," he said.
Tunneling Through
VPN is still the best method to connect to the Internet. But it has to be properly set up and constantly monitored, said Hack.
"Not managing it properly is the fault in these hacking instances. It must be configured properly. You just can't set it up and forget about it," he offered.
A major risk comes from hosted VPN services that are not properly configured. Hackers can get at data in one tunnel by breaking into another. This is a major concern when more than one customer has tunnels, Hack explained.
More Safety in Obscurity?
When it comes to computer security, the weakest link is indeed the software. And it does not make much difference what the computing platform is. Software will always have vulnerability. It doesn't matter whether or not it is Windows software.
"Windows is more targeted but no less insecure. No operating system is completely attack-proof," Phil Lin, director of marketing for FireEye, told .
Attacks are now cross-platform. Other OSes are still vulnerable. The Mac OS and the Linux OS are not bug-free. It is just the prevalence of Windows that motivates the attacks to focus on that target-rich environment, said Lin.
"We haven't figured out how to program without bugs. It is these software errors or vulnerabilities that allow attackers to run arbitrary code," he said.
Cross-Platform Causes
There is a degree of benefit from being below the radar in using Mac or Linux. But if the payoff is there, an attack will follow, noted Lin.
"If there is a high-value target on another platform, they will figure out a way to get at it," he said.
One example of software vulnerability and cross-platform weakness is the Web browser.
No comments:
Post a Comment