There seems to be a consistent theme at this year’s RSA Conference around the ineffectiveness of traditional defense strategies against modern malware attacks. Each day, I’ve jotted down notes from various sessions that include things like:
- Blacklist-based filters are ‘insecure by default’ systems. – Alberto Revelli, Senior Consultant, Cigital
- Blacklisting will not work anymore. – Enrique Salem, CEO, Symantec
- Malware with ~200 lines of code can defeat AV software with ~10 million lines of code. – William J. Lynn III, U.S. Deputy Secretary of Defense
- There are too many ways to test for bad input/parameters. You’re better off making the effort to ensure good validation of the known good. – Alberto Revelli
- Coding using a whitelisting approach/methodology develops more secure applications. – Alberto Revelli
- Properly deployed whitelisting would have stopped all of last year’s attacks. – George Kurtz, CTO, McAfee
Not surprisingly, many of these same concerns fall in line with how experts in the security industry now view traditional antivirus software. In the article “Attack mitigation tools fall short, security vendors say,” Gary Golumb, principal security researcher at Netwitness, said that industry assumptions about the effectiveness of attack mitigation technologies and approaches have been, in his terms, “horribly off base.”
The group of anonymous, yet highly proficient, hackers who recently released a decrypted version of the infamous Stuxnet cyberworm has, in my opinion, potentially opened up a Pandora’s box to similar worms and malware kits that could serve the same malicious intent.
While the article “Anonymous Hackers Release Stuxnet Worm Online” confirmed that the decompiled code the group has made available is not the actual worm itself, Michael Gregg, COO of Superior Solutions, said that, given the right tools, the information that has been leaked could make it easier for others to build something similar, essentially acting as a building block for cybercrooks.
While it has been in existence for years (which is another issue altogether), there is a “new” critical infrastructure attack in the news today: “Night Dragon”. In addition to giving this attack a really cool name, our friends at McAfee have done an excellent job analyzing every part of the multi-pronged attack in a whitepaper titled “Global Energy Cyberattacks: Night Dragon”.
Night Dragon is a fascinating attack, with all sorts of international intrigue including links to entities in China (for a great primer on purported Chinese involvement in cyberattacks, check out Richard Stiennon’s blog). However, the multi-pronged attack is easily prevented by any good application whitelisting solution, just like Stuxnet.
Over the past decade, Apple has avoided the types of security problems that have plagued the Windows-based platform. Part of this can be attributed to the fact that the Mac’s relatively low market share has kept the platform under the radar of malware writers, who have primarily focused on Windows PCs to launch more widespread attacks.
But as cyber crime evolves and targets change, Mac users who once operated with the mindset that attackers focus only on Windows systems need to think again.
To evade detection, cyber criminals are constantly changing their tactics. To complicate matters, they’re also changing who they are targeting.
According to the article “Cybercriminals new attack targets,” the newly released Cisco 2010 Annual Security report foresees a major turning point in cybercrime: a shift away from Windows-based PCs to other operating systems and platforms. Because Windows has been hackers’ “platform of choice” over the past decade, Windows operating system, PC platform and application vendors have taken a tougher stance in protecting their products. As it becomes increasingly difficult to exploit these platforms, scammers are moving on to other targets that, for the most part, have been largely ignored by hackers.
Does this mean Windows-based systems are now in the clear from cyber attacks? I hardly think so. But what it does suggest is that other platforms need to beef up their security to make sure they don’t become the next easy target for cyber criminals.