Vulnerabilities / Threats
7/26/2013
03:49 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Honoring Black Hat's Sweet 16, Venafi Report Chronicles 16 Years of Attacks, Offers Advice On Defending Against Advanced Threats

Chronicled in the report are the different eras of attacks and attackers, with factual examples of attacks and exploits from each period

SALT LAKE CITY, UT--(Marketwired - Jul 24, 2013) - Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) security solutions, is celebrating Black Hat's "Sweet 16" with the release of its latest report, "16 Years of Black Hat - 16 Years of Attacks: A Historical Overview of the Evolving Cyberattack Landscape." The report chronicles the last 16 years of attacks, threats and exploits, and analyzes how they've evolved and intensified over time. The report also offers advice to enterprises on how to better defend against a new era of attacks that increasingly leverage unprotected cryptographic keys and digital certificates -- the security technologies that form the foundation of IT security and online trust.

Report readers will learn about the history and evolution of attacks and the changing faces of attackers. They will also realize that criminals have used every weapon in their arsenal -- from malware and Trojans to attacks on trust -- in order to make a name for themselves, disrupt business, and steal data and state secrets. The report shows that as enterprises have responded, advanced attackers have had to develop new and more resistant attack and evasion methods. More recent persistent and targeted attacks demonstrated a range or attack methods and provided powerful blueprints for more common cybercriminals.

"State-backed and organized cybercriminals learned from early hackers that their vast resources could be used for a variety of nefarious, disruptive or lucrative activities. Common criminals looking for the path of least resistance have mimicked advanced attack methods. This, coupled with organizations' failure to secure and protect keys and certificates has left the front doors open for attackers to enter at will and pilfer whatever sensitive data they want, whenever they want," said Jeff Hudson, Venafi CEO.

"Organizations must stop blindly trusting keys and certificates, and take steps to understand how these attacks work and what they can do to defend against them. Otherwise, they are a vulnerable target to anyone with a cause, computer and Internet connection."

Chronicled in the report are the different eras of attacks and attackers, with factual examples of attacks and exploits from each period, including overviews of the CIH computer virus, Melissa, Code Red, MD5, Aurora, Stuxnet and Flame. Historical eras include:

1997-2003: VIRUSES, WORMS AND A LITTLE DENIAL

2004-2005: THE BIRTH OF FOR-PROFIT MALWARE

2007-2009: THE RISE OF APTS

2010-PRESENT: ASSAULT ON TRUST USING KEY AND CERTIFICATE-BASED ATTACKS

To access "16 Years of Black Hat - 16 Years of Attacks: A Historical Overview of the Evolving Cyberattack Landscape," visit: www.venafi.com/sweet16

About Venafi

Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) security solutions. Venafi delivered the first enterprise-class solution to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys -- from the datacenter to the cloud and beyond -- built specifically for encryption management interoperability across heterogeneous environments. Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages. Venafi customers include the world's most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-2184
Published: 2015-03-27
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.

CVE-2014-3619
Published: 2015-03-27
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.

CVE-2014-8121
Published: 2015-03-27
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over...

CVE-2014-9712
Published: 2015-03-27
Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allows remote administrators to read arbitrary files and obtain passwords via a crafted path.

CVE-2015-2157
Published: 2015-03-27
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.