Tech Insight: Six Security Threats You Need To Know About
Security pros will have their hands full with revamped versions of current threats, while new ones also will bubble to the top
John Sawyer- Contributing Writer,
January 07, 2011
Security professionals were inundated with new attacks -- and even some old ones were given new life -- in 2010. We saw Adobe Acrobat and Flash became the No. 1 target of malware and penetration testers as new zero-day vulnerabilities were discovered and left unpatched for weeks, even months in some organizations.
On top of the everyday problems that security pros face, there was a huge uptick in malware that seemed to be coming at us from all directions. According to a report from Panda Security, 2010 was responsible for more than one-third of all known malware.
Many of the attacks that were discovered, as well as those that resurfaced, are likely to be around for a while as we move into 2011. Whether they will be a concern for your organization is something best left to a proper risk assessment; some might not be applicable. For example, if your computers are not connected to the Internet and USB flash drives are not allowed, then it's highly unlikely malware looking to steal online banking credentials will be an issue.
Following is a list of issues security pros should expect to face this year. The material comes from my recent presentation at "Bad Guys, Governance, And Other Things That Keep You Awake At Night," an InformationWeek and Dark Reading event in Washington, D.C., and New York.
Governance is a threat to both the sanity and effectiveness of nearly every security professional. It can be a silent killer to the best-planned security program when C-level executives do not back up the security efforts because they don't understand where their data is and what needs to be done to secure it. Effective communication of business risks and how to reduce that risk without impacting the bottom line too much is key.
We all know that malware, in general, is a problem. Targeted malware, however, has been on the rise for a couple of years, and Stuxnet finally brought that reality home for many. Unfortunately, malware can infiltrate a network in many different ways; it requires diligence and understanding on the part of the security pro to fight it at every level and handle the politics of putting protections in place that limit what employees can do.
3. Social Networks
Social networks are a double-edged sword that allow security pros to stay up on the latest information through sites like Twitter, yet provide an avenue of easy attack to users who are willing to click on every link they receive. In addition to malware, there's the problem with accidental disclosure of important details, like we've seen with the military through Facebook and politicians using Twitter. Having a current and well-defined policy is key, but so is regular awareness to users on what issues social networks can pose to both themselves and their employer.
Next: The return of DLL hijacking.
4. DLL Hijacking
One attack that resurfaced in 2010 was DLL hijacking. It has been called a couple of things, like binary planting or DLL preloading, but it has been a known issue for 10 years. What's interesting is that new research uncovered it as both an attack method for gaining control of a system and a method for malware to use as persistence. To make matters worse for security pros, new code released through the Metasploit Project made it incredibly easy to exploit. Microsoft has provided a few workarounds and fixes, but the issue has not been fixed fully because it affects many vendors. Exploit DB has been tracking vulnerable applications here.
Shodan garnered a lot of attention last year when security researchers showed just how easy it was to find vulnerable systems on the Internet without scanning for them. With Shodan, they could leverage scans performed by someone else, and for a small cost export all of that data and feed it into their attack tools. Shodan's exposure of vulnerable SCADA devices was enough impetus for CERT to publish an advisory warning of the possible exposure. The popularity of the site for researchers and penetration testers will only help it grow further and end up exposing more services on systems worldwide that could be vulnerable. It's a reminder to many to know what's on your network and what's exposed to the world.
6. Embedded Systems
Embedded systems made their way to the spotlight as more attacks were focused on printers, smart meters, industrial control systems, and the like. The VxWorks vulnerabilities published in August demonstrated how easy it is to exploit fiber channel switches, printers, and SCADA devices that were easily found via Shodan. Of course, working with the vendor and understanding what, if any, network access these devices have is critical when deploying them because they could provide an easy entry point into your network.
The attacks that gained popularity in 2010 will stick around for a while; many are hard to fix or involve systemic issues that take more than technical workarounds to mitigate. And as always, staying up-to-date on the latest attacks is key. As a defender, you have to get it right every time, but an attacker needs to get it right only once.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.