
Vulnerabilities / Threats

4/4/2019
10:30 AM
Liron Barak
Commentary
True Cybersecurity Means a Proactive Response

Successful, secure organizations must take an aggressive, pre-emptive posture if they want true data security.

Cybercriminals are always a work in progress. Their knowledge and their ability to bypass security systems are constantly advancing. As they gain knowledge, they develop and implement sophisticated impersonation methods that are proving increasingly adept at evading detection and gaining access to secure data. This happens while many of their targets fail to adequately upgrade their security solutions to detect and protect against them. Currently, cybercriminals have many soft targets, and they know what to do to penetrate those targets' systems. A climate that works in favor of the attacker underscores how organizations, as potential targets, need to rethink their approach to data and system security.

One of the most common approaches a cybercriminal takes is to present as an employee or friend of the organization under attack. This is the path of least resistance for introducing malicious code to a system disguised as a trusted application. In this way, and without the proper, updated security protocol in place, hackers fly under the radar to access sensitive information and even extract money. The cost can be steep for an enterprise that is breached in this way. A loss of assets can be crippling, as can the perceived loss of reputation. As these attacks become more common, organizations must prepare and have a modern, flexible security strategy in place that incorporates several layers of security.

How Do Hackers Introduce Malicious Code?
Common and widely used applications such as Microsoft Word and Adobe Reader are trusted, seemingly secure, and able to run code on an individual's computer. This makes these applications popular and effective entry points for hackers to introduce malicious code onto targeted systems.

Hackers are exploiting inherent vulnerabilities within these applications. Typically, the hacker uses a specifically designed link or document that presents itself as legitimate activity, and is sent to the recipient. Once the file or link is clicked, the weakness within the commandeered application allows the attack strain (ransomware, advanced persistent threats, spyware, or any other type of malware) to gain access to the host system.

Once the code penetrates the system, it can be difficult, even impossible, to detect. Remediating malicious code and removing it from an infected system is a difficult process. It is imperative that enterprises deploy security software that protects their data centers and their valuable, sensitive information.

Identifying Malicious Code
The typical hacker has been at his or her craft for some time and understands how to exploit a host of security protocols in use today. For example, traditional signature-based solutions rely on what they have learned from previous attacks to protect networks and systems from inbound threats, but they have little to offer when it comes to detecting and protecting against new and evolving threats.

Microsoft's Windows Malicious Software Removal Tool was developed to protect the Windows operating system. It looks at a computer, searches for malware, and eliminates it upon discovery. However, its soft spot is that it reacts to an attack after it has happened rather than providing proactive protection. Once a virus has gained access to a data center or network, it is more difficult to detect and remove, especially as it is likely it has already caused damage.

Machine learning solutions, which are considered more advanced, also rely on what has happened in the past to identify malicious code. Machine learning solutions have higher detection rates, but they cannot anticipate a cyberattack until one has already occurred from which it can learn. This is not an effective method against any new or emerging threats.

The Path to Cybersecurity
New cyber threats are emerging regularly and the solution to them lies in an aggressive, pre-emptive, proactive posture. Successful and secure organizations must begin to think this way if they want true data security.

To do this, organizations must pivot in their security mindset and begin to implement solutions that take a comprehensive look and map all legitimate executions of an application based on the code written by its creators, such as Microsoft and Adobe. With that map, they can identify any inconsistency or deviation from the expected behavior of that source code. Recognized patterns and actions can then be confirmed in real time, while unidentified activities are reviewed and blocked instantaneously.
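The "map legitimate behavior, block deviations" idea above, as an added illustration that is not code from the article or from any product: a constructed baseline of the child processes a trusted document application is expected to spawn, checked against constructed process-creation events in the style of an endpoint log. The application and process names in the baseline are assumptions chosen for the example, not a vendor's actual map.

```python
"""Baseline-versus-observed check for trusted document applications.

Added example. The BASELINE contents and the sample events are constructed
for illustration; a real deployment would derive the baseline from the
application's own legitimate executions, as the article describes.
"""
from dataclasses import dataclass

# Hypothetical baseline: child processes each trusted parent is expected to
# launch during legitimate use (names are assumptions, lower-cased for matching).
BASELINE = {
    "winword.exe": {"winword.exe", "splwow64.exe"},
    "acrord32.exe": {"acrord32.exe", "acrocef.exe"},
}


@dataclass(frozen=True)
class ProcEvent:
    parent: str   # image name of the process that spawned the child
    child: str    # image name of the newly created process
    cmdline: str  # command line of the child, kept for the analyst's review


def classify(event: ProcEvent) -> str:
    """Return 'allow' for a baselined child, 'block' for a deviation,
    and 'unmapped' when the parent is not a mapped application."""
    expected = BASELINE.get(event.parent.lower())
    if expected is None:
        return "unmapped"
    return "allow" if event.child.lower() in expected else "block"


def triage(events):
    """Split events into allowed ones and deviations that need review/blocking."""
    allowed, blocked = [], []
    for ev in events:
        (allowed if classify(ev) == "allow" else blocked).append(ev)
    return allowed, blocked


# Constructed events: one legitimate print-spooler spawn, one deviation where
# the document viewer launches a shell, one parent that is not mapped at all.
SAMPLE_EVENTS = [
    ProcEvent("WINWORD.EXE", "splwow64.exe", "splwow64.exe 12288"),
    ProcEvent("WINWORD.EXE", "cmd.exe", "cmd.exe /c example-constructed"),
    ProcEvent("explorer.exe", "notepad.exe", "notepad.exe notes.txt"),
]

if __name__ == "__main__":
    ok, flagged = triage(SAMPLE_EVENTS)
    for ev in flagged:
        print(f"deviation: {ev.parent} -> {ev.child} ({classify(ev)})")
```

Events whose parent is not in the map are surfaced alongside true deviations so an analyst can decide whether the baseline needs extending.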

A proactive approach is a critical mindset change and an imperative if companies want to ensure they are in control of their network security. If organizations remain reactive, they will continue to consume valuable resources and risk their reputations as they chase after and remediate the mess left after the cyberattack has happened.


Liron Barak, CEO and Co-Founder of BitDam, has over 10 years of experience dealing with the most sophisticated cyber threats and exploitation techniques. Prior to founding BitDam, Liron served in Unit 8200 of the Israeli Intelligence Corps, where she managed teams of highly ... View Full Bio