BankInfoSecurity.com - Information Security News, Regulations, & Education


New Report: Cyber Attacks Exploit 2 Vulnerabilities

More than Half of All Strikes Target Client-side Software, Websites
September 15, 2009 - Linda McGlasson, Managing Editor

More than half of current cyber attacks against businesses and government agencies are focused on two common vulnerabilities.

This is the main finding of "The Top Cyber Security Risks," a new report based on data from actual attacks against organizations. The report, compiled by security vendors TippingPoint and Qualys, as well as the Internet Storm Center and SANS Institute, finds that client-side software and Internet-facing websites are organizations' greatest - and most overlooked - cyber risks.

Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office, says Alan Paller, Research Director at SANS. This is currently the primary initial infection vector used to compromise computers that have Internet access. Those same client-side vulnerabilities are exploited by attackers who have infected visitors via insecure websites, he says.

[Note: For more insights from Paller on cyber risks, listen to this new podcast interview.]

Ed Skoudis, senior security consultant at Inguardians, a risk assessment and security forensics company, urges organizations to radically improve their protection. "Because exploitation of client-side programs such as browsers and media-playing software is such a dominant vector of attack today, organizations need to employ two reinforcing mechanisms to accomplish this," Skoudis says.

The report also offers best practices in mitigation and control of the top risks, as well as a tutorial, analysis of four key attacks, and advice from security experts who urge action to mitigate these critical risks.

How Client-side Exploits Happen
Client-side software is so vulnerable because client programs are now the front door through which attackers walk to gain access to the rest of the environment. "Without proper security of client systems, attackers can compromise such systems on internal networks and use them as a jump-off point for complete control within an enterprise environment," Skoudis notes.

Because visitors feel safe downloading documents from trusted sites, they are easily fooled into opening documents and media (music, videos) that exploit client-side vulnerabilities. Some exploits do not even require the user to open documents. Simply accessing an infected website is all that is needed to compromise the client software.

The victims' infected computers are then used to propagate the infection and compromise other internal computers and sensitive servers incorrectly thought to be protected from unauthorized access by external entities. In many cases, the ultimate goal of the attacker is to steal data from the target organizations, and also to install back doors through which the attackers can return for further exploitation.

Web Application Attacks
The second critical area on which hackers are focusing is vulnerable Internet web site applications. Attacks against web applications constitute more than 60 percent of the total attack attempts observed on the Internet, according to the report. These vulnerabilities are being exploited widely to convert trusted web sites into malicious sites, serving content that contains client-side exploits. Web application vulnerabilities such as SQL injection and Cross-Site Scripting flaws, in open-source as well as custom-built applications, account for more than 80% of the vulnerabilities being discovered. Most website owners are running scans every quarter, but most of those scans look for operating system errors and are ineffective at finding SQL injection or cross-site scripting flaws.

The Internet Storm Center sees the attacks these hackers are making, says Dr. Johannes Ullrich, head of the center. "We do get a lot of reports of exploited web applications that are then used to reflect attacks to users of the web applications," he says.

In many cases, the web applications are compromised via mass-customized tools that are able to detect and exploit a wide range of vulnerabilities (for example web applications with SQL injection flaws running Microsoft SQL server as a back end, or web applications written in PHP with remote file inclusion vulnerabilities). "These attacks are so successful because users trust these websites and are willing to install software or follow links that are offered by these websites," Ullrich adds.
