4/4/2019
10:30 AM
Liron Barak
Commentary
True Cybersecurity Means a Proactive Response

Successful, secure organizations must take an aggressive, pre-emptive posture if they want true data security.

Cybercriminals are always improving. Their knowledge and their ability to bypass security systems advance constantly. As they learn, they develop and deploy sophisticated impersonation methods that are increasingly adept at evading detection and gaining access to sensitive data. Meanwhile, many of their targets fail to upgrade their security solutions to detect and protect against these methods. Cybercriminals currently have many soft targets, and they know how to penetrate them. A climate that works this much in the attacker's favor underscores why organizations, as potential targets, need to rethink their approach to data and system security.

One of the most common approaches a cybercriminal takes is to impersonate an employee or a trusted contact of the organization under attack. This is the path of least resistance for introducing malicious code into a system disguised as a trusted application. Without a proper, up-to-date security protocol in place, attackers fly under the radar to access sensitive information and even extract money. The cost can be steep for an enterprise breached in this way: the loss of assets can be crippling, as can the perceived loss of reputation. As these attacks become more common, organizations must prepare by having a modern, flexible security strategy in place that incorporates several layers of security.

How Do Hackers Introduce Malicious Code?
Common and widely used applications such as Microsoft Word and Adobe Reader are trusted, seemingly secure, and able to run code on an individual's computer. This makes these applications popular and effective entry points for hackers to introduce malicious code onto targeted systems.

Hackers exploit inherent vulnerabilities in these applications. Typically, the attacker sends the recipient a specially crafted link or document that looks like legitimate activity. Once the file or link is clicked, the weakness in the commandeered application allows the attack payload (ransomware, an advanced persistent threat, spyware, or any other type of malware) to gain access to the host system.

Once the code penetrates the system, it can be difficult, even impossible, to detect. Remediating malicious code and removing it from an infected system is a difficult process. It is imperative that enterprises deploy security software that protects their data centers and their valuable, sensitive information.

Identifying Malicious Code
The typical hacker has been at his or her craft for some time and understands how to exploit many of the security protocols in use today. For example, traditional signature-based solutions rely on what they have learned from previous attacks to protect networks and systems from inbound threats, but they offer little when it comes to detecting and protecting against new and evolving threats.

Microsoft's Windows Malicious Software Removal Tool was developed to protect the Windows operating system. It scans a computer for malware and eliminates what it finds. Its weakness, however, is that it reacts to an attack after it has happened rather than providing proactive protection. Once a virus has gained access to a data center or network, it is more difficult to detect and remove, especially since it has likely already caused damage.

Machine learning solutions, which are considered more advanced, also rely on what has happened in the past to identify malicious code. They have higher detection rates, but they cannot anticipate a cyberattack until one has already occurred that they can learn from. This is not an effective method against new or emerging threats.

The Path to Cybersecurity
New cyber threats are emerging regularly and the solution to them lies in an aggressive, pre-emptive, proactive posture. Successful and secure organizations must begin to think this way if they want true data security.

To do this, organizations must pivot in their security mindset and begin to implement solutions that take a comprehensive look at an application and map all of its legitimate executions, based on the code written by its creators, such as Microsoft and Adobe. With that map, they can identify any inconsistency with or deviation from the application's intended behavior. Recognized patterns and actions can then be confirmed in real time, while unidentified activities are reviewed and blocked instantaneously.
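The following toy illustrates the "map legitimate executions, block deviations" idea described above, and contrasts with the signature-based and learn-from-the-past approaches criticized earlier: rather than recognizing known-bad code, it allowlists the child processes and write locations a document viewer is expected to produce and blocks anything outside that map. This is an added example, not BitDam's or any vendor's product code; the baseline profiles, image names, paths and event stream are all constructed assumptions.

```python
"""Toy behavioral baseline: map an application's legitimate execution patterns
and block deviations. Added illustration, not BitDam's or any vendor's code."""
from dataclasses import dataclass

# Constructed baseline (an assumption, not measured data): child processes
# and write locations a document viewer produces during normal use.
BASELINE = {
    "WINWORD.EXE": {
        "children": {"splwow64.exe", "OUTLOOK.EXE"},
        "write_dirs": {r"C:\Users\alice\Documents", r"C:\Users\alice\AppData\Local\Temp"},
    },
    "AcroRd32.exe": {
        "children": {"AcroRd32.exe", "AdobeCollabSync.exe"},
        "write_dirs": {r"C:\Users\alice\Downloads", r"C:\Users\alice\AppData\Local\Temp"},
    },
}

@dataclass(frozen=True)
class Event:
    parent: str  # image name of the process performing the action
    kind: str    # "spawn" or "write"
    target: str  # child image name, or path being written

def classify(ev: Event) -> str:
    """'allow' for a mapped pattern, 'block' for an unmapped one,
    'ignore' for processes the baseline does not cover."""
    profile = BASELINE.get(ev.parent)
    if profile is None:
        return "ignore"
    if ev.kind == "spawn":
        return "allow" if ev.target in profile["children"] else "block"
    if ev.kind == "write":
        inside = any(ev.target.lower().startswith(d.lower() + "\\")
                     for d in profile["write_dirs"])
        return "allow" if inside else "block"
    return "block"  # unknown action kinds are never implicitly allowed

def triage(events):
    """Run an event stream through the baseline; return what gets blocked."""
    return [ev for ev in events if classify(ev) == "block"]

# Constructed sample stream: a normal save and print, then a macro spawning
# a shell and a PDF reader dropping an executable outside its mapped paths.
SAMPLE_EVENTS = [
    Event("WINWORD.EXE", "write", r"C:\Users\alice\Documents\report.docx"),
    Event("WINWORD.EXE", "spawn", "splwow64.exe"),
    Event("WINWORD.EXE", "spawn", "powershell.exe"),
    Event("AcroRd32.exe", "write", r"C:\Users\alice\AppData\Roaming\svc.exe"),
    Event("explorer.exe", "spawn", "notepad.exe"),
]
```

Because the decision is made against the map rather than against a catalogue of past attacks, a never-before-seen payload is blocked on its first unmapped action; the cost is that the baseline must be kept accurate for each application version.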

A proactive approach is a critical mindset change and an imperative if companies want to ensure they are in control of their network security. If organizations remain reactive, they will continue to consume valuable resources and risk their reputations as they chase after and remediate the mess left after the cyberattack has happened.


Liron Barak, CEO and Co-Founder of BitDam, has over 10 years of experience dealing with the most sophisticated cyber threats and exploitation techniques. Prior to founding BitDam, Liron served in Unit 8200 of the Israeli Intelligence Corps, where she managed teams of highly ...