Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO
Be Strong or Get Attacked.
Highly experienced and skilled cyber attack groups have targeted and are targeting your organization. Your large endpoint population is the most common point of entry for skilled attack groups. These enterprise endpoints number in the thousands, are loosely managed, laxly configured, and rife with vulnerability exposures, and are operated by partially trained, credulous users – the perfect target-rich opportunity. Mikko Hypponen, chief research officer at F-Secure, often says at industry symposia: “How many of the Fortune 500 are attacked today? The response: 500.”
And how long did it take to penetrate your enterprise? White hat hackers performing penetration testing or red team exercises normally compromise target enterprises within the first few hours, even though they are ethically and legally limited in their methods. Black hat or state-sponsored hackers may achieve penetration much more quickly and maintain their presence indefinitely. Given typical attacker dwell durations measured in numerous days, the time-to-penetration is minimal, not an obstacle.
The industrialization of cyber attacks has created a black market for attack tools, including a range of software for identifying and exploiting client endpoint vulnerabilities. These exploit kits are marketed to cyber hackers on the dark web, with dozens of exploit kit families and vendors. An exploit kit operates by assessing the software configuration on the endpoint, identifying exposed vulnerabilities, and applying an exploit to a vulnerability exposure.
A relative handful of commonly deployed endpoint software applications accounts for the bulk of the vulnerabilities that exploit kits target. This results from the unfortunate fact that complex software applications tend to exhibit a continual flow of vulnerabilities that leave them constantly exposed. Each patch release cycle, the exploit kit developers download the latest security patches, reverse engineer them to discover the underlying vulnerabilities, and update their exploit kits. This is often done more quickly than enterprises apply patches, with some vulnerabilities remaining unpatched and ripe for exploitation even years after a patch is released.
Prior to widespread adoption of HTML5, Adobe Flash was the most commonly used software for rich Web content. Even with increasing adoption of HTML5, legacy Adobe Flash retains a significant following, keeping its long-held position as the darling of exploit kit authors. A recent study by Digital Shadows, In the Business of Exploitation, is instructive:
This report analyzes 22 exploit packages to comprehend the most frequently exploited software. We looked for patterns within the exploitation of vulnerabilities by these 22 kits to reveal exactly what vulnerabilities had been exploited most extensively, coupled with how active each exploit kit was, in order to inform our assessment.
The vulnerabilities exploited by all 22 exploitation packages showed that Adobe Flash Player was most likely to be the most targeted software application, with twenty-seven of the 76 identified vulnerabilities exploited pertaining to this software application.
With relative consistency, dozens of fresh vulnerabilities are uncovered in Adobe Flash each month. To exploit kit developers, it is the gift that keeps on giving.
The industry is learning its lesson and moving beyond Flash for rich web content. For example, a Yahoo senior designer blogging recently in Streaming Media noted:
“Adobe Flash, for a long time the de-facto requirement for media playback on the internet, has actually lost favor in the market due to increasing concerns over security and efficiency. At the same time, needing a plugin for video playback in browsers is losing favor amongst users too. As a result, the industry is moving toward HTML5 for video playback.”
Amit Jain, Sep 21, 2016
Banishing Adobe Flash
One step enterprises can take now to harden their endpoint configurations is to eradicate Adobe Flash as a matter of organizational security policy. This will not be convenient, and it may hurt, but it will help reduce your enterprise attack surface. It involves blacklisting Adobe Flash Player and enforcing browser security settings that disable Flash content. If done correctly, this is what users will see where Flash content appears on a legacy website:
This message confirms two facts:
1. Your system is properly configured to refuse Flash content.
2. This site would compromise your security for its own benefit.
Ditch this website!
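Blacklisting Flash Player only reduces attack surface if the plugin binaries are actually gone from every endpoint. The following is an added example, not part of the original article: a small audit that scans a software inventory for Flash Player binaries and reports which hosts still carry them. The inventory rows, host names and version numbers are constructed, and the patterns assume the well-known Windows file names of the three plugin variants.

```python
import re
from collections import defaultdict

# Flash Player binary names on Windows, grouped by browser plugin interface.
# An optional 32/64 tag and version suffix (e.g. _23_0_0_185) may follow the stem.
FLASH_PATTERNS = {
    "ActiveX (Internet Explorer)": re.compile(r"^flash(32|64)?(_[\d_]+)?\.ocx$", re.I),
    "NPAPI (Firefox)": re.compile(r"^npswf(32|64)?(_[\d_]+)?\.dll$", re.I),
    "PPAPI (Chrome)": re.compile(r"^pepflashplayer(32|64)?(_[\d_]+)?\.dll$", re.I),
}

# Constructed sample: (host, file path) rows as an endpoint agent might report them.
SAMPLE_INVENTORY = [
    ("ws-001", r"C:\Windows\System32\Macromed\Flash\Flash32_23_0_0_185.ocx"),
    ("ws-001", r"C:\Windows\System32\Macromed\Flash\NPSWF32_23_0_0_185.dll"),
    ("ws-002", r"C:\Program Files\Mozilla Firefox\firefox.exe"),
    ("ws-003", r"C:\Users\jdoe\AppData\Local\Google\Chrome\User Data"
               r"\PepperFlash\23.0.0.185\pepflashplayer.dll"),
    ("ws-003", r"C:\Tools\flashlight.dll"),  # near-miss name, must not be flagged
]


def flash_findings(inventory):
    """Return {host: sorted [(interface, path), ...]} for hosts with Flash binaries."""
    findings = defaultdict(list)
    for host, path in inventory:
        # Match on the file name only; inventory paths may use either separator.
        name = re.split(r"[\\/]", path)[-1]
        for interface, pattern in FLASH_PATTERNS.items():
            if pattern.match(name):
                findings[host].append((interface, path))
    return {host: sorted(rows) for host, rows in findings.items()}


def compliance(inventory):
    """Return {host: True if no Flash binary was found on it}."""
    flagged = flash_findings(inventory)
    return {host: host not in flagged for host, _ in inventory}


if __name__ == "__main__":
    findings = flash_findings(SAMPLE_INVENTORY)
    for host, ok in sorted(compliance(SAMPLE_INVENTORY).items()):
        print(f"{host}: {'clean' if ok else 'FLASH PRESENT'}")
        for interface, path in findings.get(host, []):
            print(f"    {interface}: {path}")
```

A host counts as clean only when none of the three plugin variants is present, since removing one browser's copy leaves the others loadable.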