In the midst of March Madness, it seems like security professionals everywhere are scurrying to find ways to safeguard their enterprises from new forms of malware and exploit techniques that have successfully bypassed most antivirus protections throughout the first quarter of 2010. With systems constantly under attack, what’s important is making sure our computer endpoints are protected from the latest viruses and botnets out there. Check out some of the top stories from March 2010.

Faulty updates and new exploit techniques cause more problems for Microsoft
March was another rough month for Microsoft. New exploit techniques and faulty security updates continued to create operating problems and cause frustration with Windows users.
Even the publicity around IE zero-day vulnerabilities has created more problems. A recent McAfee blog post helped a hacker create working exploit code that plants a backdoor and performs various functions on the compromised system. The most alarming part was that it took the hacker only about 10 minutes to de-obfuscate the exploit and pinpoint the underlying vulnerability. He said in an email exchange:
“It just took a few minutes of digging in that host to find the exploit. I did some basic debugging to the vulnerability and found the vulnerable code within iepeers.dll.”
Antivirus failures say a lot about current state of AV industry
A study by NSS Labs revealed just how ineffective some of today’s top antivirus software solutions are at stopping one of the most highly profiled and successful cyber attacks of 2010. In a test to see how many AV products could catch variants of the Operation Aurora attack, only one out of seven correctly thwarted multiple exploits and malicious code payloads.
Unfortunately, this says a lot about the current state of the AV industry. With so many new viruses and malware variants successfully bypassing security solutions, we need to shift our way of thinking about how to protect our networks. It’s time to rethink our approach to endpoint security, starting from a foundation of whitelisting, which stops new malware regardless of the particular vulnerability or attack technique used to deliver it.
Cyberwar or not, preparation is the real issue
There’s been a lot of debate lately about whether or not we are in a cyberwar. Our friend and White House Cyber Czar, Howard Schmidt, says we aren’t. The highly publicized targeted Aurora attacks that have created international tensions between Google and China say otherwise. To me, whether or not we are in a cyberwar is irrelevant.
What’s important is that we continually re-evaluate our existing security strategies, do everything we can to defend our networks and critical infrastructure from harmful botnets and malware, and work together to stop cyber criminals from perpetrating more attacks.
Security experts at RSA wrestle with ways to better protect cardholder data
Finally, speakers at this year’s RSA Security Conference discussed how ever-changing malware variants continue to find new ways to evade detection. In particular, the highly customizable and easily obtainable Zeus Trojan kit has been successful by lying dormant on a victim’s computer before springing to life when the victim visits a banking site. Said Michael Barrett, CISO at PayPal:
“There’s no question the technology capability of malware is getting nastier and nastier. … Man-in-the-browser gives a criminal a way to piggyback a transaction.”
Experts at the annual event went back and forth on what fundamental changes are needed to protect credit card data. While end-to-end encryption helps, most agreed that it’s just a piece of a defense-in-depth approach to protect cardholder data. Said Steven Elefant, CIO of Heartland Payment Systems:
“It’s a part of your DNA and we’ve gone on now to look at multiple technologies to make sure that in the worst case scenario — people do get in — that the data is unusable. I agree that end-to-end encryption isn’t end all be all.”
I appreciate you stopping by to read this blog. As I continue to highlight and comment on some of the industry’s hottest topics, I encourage any feedback you may have. Come back soon.