Vulnerabilities / Threats
7/26/2013
03:49 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Honoring Black Hat's Sweet 16, Venafi Report Chronicles 16 Years of Attacks, Offers Advice On Defending Against Advanced Threats

Chronicled in the report are the different eras of attacks and attackers, with factual examples of attacks and exploits from each period

SALT LAKE CITY, UT--(Marketwired - Jul 24, 2013) - Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) security solutions, is celebrating Black Hat's "Sweet 16" with the release of its latest report, "16 Years of Black Hat - 16 Years of Attacks: A Historical Overview of the Evolving Cyberattack Landscape." The report chronicles the last 16 years of attacks, threats and exploits, and analyzes how they've evolved and intensified over time. The report also offers advice to enterprises on how to better defend against a new era of attacks that increasingly leverage unprotected cryptographic keys and digital certificates -- the security technologies that form the foundation of IT security and online trust.

Report readers will learn about the history and evolution of attacks and the changing faces of attackers. They will also realize that criminals have used every weapon in their arsenal -- from malware and Trojans to attacks on trust -- in order to make a name for themselves, disrupt business, and steal data and state secrets. The report shows that as enterprises have responded, advanced attackers have had to develop new and more resistant attack and evasion methods. More recent persistent and targeted attacks demonstrated a range or attack methods and provided powerful blueprints for more common cybercriminals.

"State-backed and organized cybercriminals learned from early hackers that their vast resources could be used for a variety of nefarious, disruptive or lucrative activities. Common criminals looking for the path of least resistance have mimicked advanced attack methods. This, coupled with organizations' failure to secure and protect keys and certificates has left the front doors open for attackers to enter at will and pilfer whatever sensitive data they want, whenever they want," said Jeff Hudson, Venafi CEO.

"Organizations must stop blindly trusting keys and certificates, and take steps to understand how these attacks work and what they can do to defend against them. Otherwise, they are a vulnerable target to anyone with a cause, computer and Internet connection."

Chronicled in the report are the different eras of attacks and attackers, with factual examples of attacks and exploits from each period, including overviews of the CIH computer virus, Melissa, Code Red, MD5, Aurora, Stuxnet and Flame. Historical eras include:

1997-2003: VIRUSES, WORMS AND A LITTLE DENIAL

2004-2005: THE BIRTH OF FOR-PROFIT MALWARE

2007-2009: THE RISE OF APTS

2010-PRESENT: ASSAULT ON TRUST USING KEY AND CERTIFICATE-BASED ATTACKS

To access "16 Years of Black Hat - 16 Years of Attacks: A Historical Overview of the Evolving Cyberattack Landscape," visit: www.venafi.com/sweet16

About Venafi

Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) security solutions. Venafi delivered the first enterprise-class solution to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys -- from the datacenter to the cloud and beyond -- built specifically for encryption management interoperability across heterogeneous environments. Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages. Venafi customers include the world's most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2008-3277
Published: 2014-04-15
Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse p...

CVE-2010-2236
Published: 2014-04-15
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, rela...

CVE-2011-3628
Published: 2014-04-15
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...

CVE-2012-0214
Published: 2014-04-15
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...

CVE-2013-4768
Published: 2014-04-15
The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB).

Best of the Web