Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/4/2019
10:30 AM
Liron Barak
Liron Barak
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

True Cybersecurity Means a Proactive Response

Successful, secure organizations must take an aggressive, pre-emptive posture if they want true data security.

Cybercriminals are always works in progress. Their knowledge and ability to bypass security systems are constantly advancing. As they gain knowledge, they develop and implement sophisticated impersonation methods that are proving increasingly adept at evading detection and gaining access to secure data. This happens as many of their targets fail to adequately upgrade their security solutions to detect and protect against them. Currently, cybercriminals have many soft targets, and they know what to do to penetrate their systems. This climate that works in favor of the attacker underscores how organizations, as potential targets, need to rethink their approach to data and system security.

One of the most common approaches a cybercriminal takes is to present as an employee or friend of the organization under attack. This is the path of least resistance for introducing malicious code to a system disguised as a trusted application. In this way, and without the proper, updated security protocol in place, hackers fly under the radar to access sensitive information and even extract money. The cost can be steep for an enterprise that is breached in this way. A loss of assets can be crippling, as can the perceived loss of reputation. As these attacks become more common, organizations must prepare and have a modern, flexible security strategy in place that incorporates several layers of security.

How Do Hackers Introduce Malicious Code?
Common and widely used applications such as Microsoft Word and Adobe Reader are trusted, seemingly secure, and able to run code on an individual's computer. This makes these applications popular and effective entry points for hackers to introduce malicious code onto targeted systems.

Hackers are exploiting inherent vulnerabilities within these applications. Typically, the hacker uses a specifically designed link or document that presents itself as legitimate activity, and is sent to the recipient. Once the file or link is clicked, the weakness within the commandeered application allows the attack strain (ransomware, advanced persistent threats, spyware, or any other type of malware) to gain access to the host system.

Once the code penetrates the system, it can be difficult, even impossible, to detect. Remediating malicious code and removing it from an infected system is a difficult process. It is imperative that enterprises deploy security software that protects its data centers and valuable, sensitive information.

Identifying Malicious Code
The typical hacker has been at his or her craft for some time and understands how to exploit a host of security protocols in use today. For example, the traditional signature-based solutions rely on what they have learned from previous attacks to protect networks and systems from inbound threats, but they have little to recommend them in detecting and protecting against evolving and new threats.

Microsoft's Windows Malicious Software Removal Tool was developed to protect the Windows operating system. It looks at a computer, searches for malware, and eliminates it upon discovery. However, its soft spot is that it reacts to an attack after it has happened rather than providing proactive protection. Once a virus has gained access to a data center or network, it is more difficult to detect and remove, especially as it is likely it has already caused damage.

Machine learning solutions, which are considered more advanced, also rely on what has happened in the past to identify malicious code. Machine learning solutions have higher detection rates, but they cannot anticipate a cyberattack until one has already occurred from which it can learn. This is not an effective method against any new or emerging threats.

The Path to Cybersecurity
New cyber threats are emerging regularly and the solution to them lies in an aggressive, pre-emptive, proactive posture. Successful and secure organizations must begin to think this way if they want true data security.

To do this, organizations must pivot in their security mindset and begin to implement solutions that take a comprehensive look and map all legitimate executions of an application based on the codes written by its creators, such as Microsoft and Adobe. With that map, they can identify any inconsistencies or deviation from their source code. Recognized patterns and actions can then be confirmed in real time, while unidentified activities are reviewed and blocked instantaneously.

A proactive approach is a critical mindset change and an imperative if companies want to ensure they are in control of their network security. If organizations remain reactive, they will continue to consume valuable resources and risk their reputations as they chase after and remediate the mess left after the cyberattack has happened.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Liron Barak, CEO and Co-Founder of BitDam, has over 10 years of experience dealing with the most sophisticated cyber threats and exploitation techniques. Prior to founding BitDam, Liron served in Unit 8200 of the Israeli Intelligence Corps, where she managed teams of highly ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...