Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
How Malware Bypasses Our Most Advanced Security Measures
Newest First  |  Oldest First  |  Threaded View
macker490
macker490,
 User Rank: Ninja
2/13/2015 | 9:33:38 AM
Re: Thinking like a Hacker
on a special presentation over the BBC on U of M Public Radio the presenters noted that the internet is more than technology: it is an enabler

thus: when technology is used to provide some new service the hacker will examine that service asking "what does this enable?" how can I re-direct this to my own purpose ?

they are patient and they are persistent: if there is a way in: they will find it.
  • MALVERTISING : If I can purchase an ad on a high traffice web page and then update my ad to include malware then perhaps I can exploit a privilege escallation in your computer and get my program running in your computer.   After that when you sign into the credit union I can write myself a check.  Or if you do your taxes online I can steal your ID info
  • PHISHING : maybe I can send out some e/mail that looks legitimate but actually carries a TROJAN that can exploit a privilege escallation in your computer.   maybe I can pwn your box and add it to my BOTNET -- or other mischief
  • SQL INJECTION : if your server is feeding input data directly from the open web into your data base maybe I can send you a script where you are expecting data and get your database to transmit all your files to me
  • XSS ( Cross Site Scripting ) maybe when you are running a popular page I can get an ad or some phish bait to run a maliscious script from some hacker page
  • IDENTITY THEFT : maybe I can buy your identity from some darknet service such as SUPERGET ( See KREBS on this ) and come up with the info I need to do your taxes for you.  no charge for this service
  • AUTORUN on a thumb drive is another vector that often works to get malware into your computer
  • COMPROMISED enployee
  • SHORTCUTS -- bypassing security protocols for convenience
  • DOWNLOADS perhaps I can offer some cool program, often for free, -- and include some unpleasant surprises with the package .   often these come as SCAMWARE where it shows "check this box for ths cool added feature" -- and of course the box is already checked for you
  • SCAREWARE warnings such as "your computer is infected really really bad -- click here and we'll clean it up for you"

ROAD CLOSED

a lot of hacking depends on getting un-authorized programming, aka "malware", aka "virus" into the victim's computer(s).  and hacking also makes use of stolen identification data . reducing hacking depends on closing the opening that are being exploited.   Use a secure O/S where a secure O/S is one which will not permit itself to be modified by the actions of an application program.   A bad web page should not be able to infect your operating software.  AUTHENTICATE transactions.   Transactions include eMail obviously but also software transmittals and other important business such as your Forms 1040.

Technology is great but remember: it acts as an enabler.    Be careful waht you enable.
RyanSepe
RyanSepe,
 User Rank: Ninja
2/12/2015 | 10:39:18 AM
Re: we don't use our most advanced security system
But I love free donuts! My main point is that we need to start thinking like the attackers and planning accordingly instead of always being in reaction mode.


To your point, this would very much include preventative measures and user interaction for a comprehensive approach.
macker490
macker490,
 User Rank: Ninja
2/12/2015 | 10:35:50 AM
we don't use our most advanced security system
hack attacks are associated with un-authorized programming in many cases -- particularly the BLACKPOS and BACKOFF ram-scrapers used to steal credit card data.   these updates are installed on the victims' systems and this is possible because we fail to authenticate software changes before installing them,-- or we are using vulnerable operating software.   In many cases vulnerable operating software is exploited by malvertising or phishing -- both of which rely on our failure to authenticate.

in the case of tax fraud the hacking takes advantage of our failure to authenticate tax returns.

the authentication software -- originally PGP but now also GnuPG -- has been available for some time.   As I said: the problem is our failure to properly and effectively use or most advanced security measure: public key encryption.

proper authentication procedures require user participation.   it's not something that can be passed out like free donuts.

 

 
RyanSepe
RyanSepe,
 User Rank: Ninja
2/12/2015 | 8:30:33 AM
Re: Preventative measures?
It seems like that is the general template for now. Which is why security needs to promote further innovation instead of increasing the efficiency of dilapidated safeguards we currently use; as the vectors they seek to protect have already been exploited further than they could catch up to effectively.

I would like to see an increase in security firms seeking to construct new types of malware. I feel that with security professionals trying to think like malicious intenders that we would be able to construct strains similar to the ones that are rapidly appearing. Then in the case of an event we might be ready to mitigate it before it even becomes a threat.
alonnn
alonnn,
 User Rank: Apprentice
2/11/2015 | 7:07:29 PM
Re: Evasion Technique Prevention
Hi RyanSepe,

It'll be tricky to cover this in a single article but we'll definitely try. To at least comment on the techniques part of your question -- essentially this is what all AV vendors are doing or trying to do, detect malware regardless of the evasion techniques it uses.
alonnn
alonnn,
 User Rank: Apprentice
2/11/2015 | 7:01:32 PM
Re: Preventative measures?
Hi Whoopty,

Besides keeping your software stack (OS + 3rd party applications) up to date with security patches (and this also includes using the latest versions, especially for OS, since there are major security-related improvements between major OS versions), the practical solution against malware is having strong end point protection.

There is somewhat of an agreement in the security industry that there will always be some exploitable vulnerabilities, and that "something" will always get through. There are some solutions that try and isolate your sensitive data, but the main branch of solutions is about detecting the threat after it got into the system, and being able to mitigate it, before or after malicious code is executed.

In that sense, you're right in a way that it will likely always be infection-scan-cleanup although I would phrase it infection-detection-cleanup. Unless of course everyone writes perfect software :)

 
Whoopty
Whoopty,
 User Rank: Ninja
2/11/2015 | 11:56:49 AM
Preventative measures?
It often feels like beyond practicing basic anti-phishing security and steering clear of pirated software, there isn't much to be done to actively protect yourself from malware. Will it always be a case of infection-scan-cleanup? Will new types of malware always slip through the net until they're identified? 
RyanSepe
RyanSepe,
 User Rank: Ninja
2/11/2015 | 8:26:19 AM
Evasion Technique Prevention
Can you do a follow up to this article denoting current techniques and strategies to correspond with the evasions you posted? The other side of the coin would be good to have so that they can be critiqued as to why they may not be up to par. This will be helpful for future security architecting.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file