Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO
Be Strong or Get Hacked.
Highly knowledgeable and skilled cyber attack groups have targeted and are targeting your business. Your huge endpoint population is the most common point of entry for skilled attack teams. These business endpoints number in the thousands, are loosely managed, laxly configured, and rife with vulnerability exposures, and are run by partially trained, credulous users: the ideal target-rich opportunity. Mikko Hypponen, chief research officer at F-Secure, frequently says at industry seminars: “How many of the Fortune 500 are hacked right now? The response: 500.”
And how long did it take to penetrate your organization? White hat hackers performing penetration testing or red team exercises usually compromise target enterprises within the first few hours, even though they are ethically and legally limited in their techniques. Black hat or state-sponsored hackers may achieve penetration even more rapidly and maintain their presence indefinitely. Given average attacker dwell times measured in many days, the time-to-penetration is negligible, not an impediment.
The industrialization of hacking has produced a black market for attack tools, including a range of software for identifying and exploiting client endpoint vulnerabilities. These exploit kits are marketed to cyber attackers on the dark web, with many exploit kit families and suppliers. An exploit kit operates by evaluating the software configuration on the endpoint, determining which vulnerabilities are exposed, and applying an exploit to an exposed vulnerability.
A relative handful of frequently deployed endpoint software applications accounts for the bulk of the vulnerabilities that exploit kits target. This results from the sad reality that complex software applications tend to exhibit a continuous stream of vulnerabilities that leave them perpetually exposed. Each patch release cycle, exploit kit developers download the most recent security patches, reverse engineer them to discover the underlying vulnerabilities, and update their exploit kits. This is frequently done faster than organizations apply patches, with some vulnerabilities remaining unpatched and ripe for exploitation even years after a patch is issued.
Prior to widespread adoption of HTML5, Adobe Flash was the most commonly used software for rich Internet content. Even with increasing adoption of HTML5, legacy Adobe Flash retains a considerable following, keeping its long-held position as the darling of exploit kit authors. A recent study by Digital Shadows, In the Business of Exploitation, is instructive:
This report evaluates 22 exploitation sets to understand the most regularly exploited software applications. We searched for trends within the exploitation of vulnerabilities by these 22 packages to reveal what vulnerabilities had actually been exploited most extensively, combined with how active each exploit set was, in order to inform our assessment.
The vulnerabilities exploited by all 22 exploit packages revealed that Adobe Flash Player was likely to be the most targeted software, with 27 of the 76 determined vulnerabilities exploited referring to this software application.
With some regularity, dozens of new vulnerabilities are discovered in Adobe Flash each month. To exploit kit developers, it is the gift that keeps on giving.
The industry is learning its lesson and moving beyond Flash for rich web content. For example, a senior Yahoo developer blogging recently in Streaming Media noted:
“Adobe Flash, once the de-facto standard for media playback on the internet, has actually lost favor in the industry due to increasing concerns over security and efficiency. At the same time, needing a plugin for video playback in web browsers is losing favor amongst users as well. As a result, the market is approaching HTML5 for video playback.”
Amit Jain, Sep 21, 2016
Getting rid of Adobe Flash
One action organizations can take now to harden their endpoint configurations is to eliminate Adobe Flash as a matter of enterprise security policy. This will not be an easy task, and it may be painful, but it will help reduce your enterprise attack surface. It involves blacklisting Adobe Flash Player and enforcing browser security settings that disable Flash content. If done correctly, this is what users will see where Flash content appears on a traditional web page:
This message confirms two facts:
1. Your system is properly configured to reject Flash content.
2. This site would compromise your security for their benefit.
Ditch this site!
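One way to check that the Flash removal policy described above has actually taken hold across endpoints is to audit a software and browser-settings inventory. The following is an added example, not code from the original article or from Ziften; the CSV columns (`host`, `kind`, `name`, `value`), the `flash_content` setting name, and all sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory export. Column names, hosts and versions are
# made up for illustration and do not follow any particular product's schema.
SAMPLE_INVENTORY = """\
host,kind,name,value
ws-001,software,Adobe Flash Player NPAPI,23.0.0.1
ws-001,browser_setting,flash_content,allow
ws-002,software,Mozilla Firefox,49.0
ws-002,browser_setting,flash_content,block
ws-003,software,Adobe Flash Player ActiveX,11.0.0.1
ws-003,browser_setting,flash_content,block
WS-004,software,Google Chrome,53.0
"""

def audit_flash(inventory_csv):
    """Return {host: [findings]}; an empty list means the host meets policy."""
    installs = defaultdict(list)   # host -> Flash packages still installed
    settings = defaultdict(set)    # host -> reported browser Flash settings
    hosts = set()
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["host"].strip().lower()
        hosts.add(host)
        name, value = row["name"].strip(), row["value"].strip()
        if row["kind"] == "software" and "flash player" in name.lower():
            installs[host].append(f"{name} {value}")
        elif row["kind"] == "browser_setting" and name == "flash_content":
            settings[host].add(value.lower())
    report = {}
    for host in sorted(hosts):
        findings = [f"installed: {pkg}" for pkg in installs[host]]
        if not settings[host]:
            # Fail closed: a host that reports no setting is not assumed safe.
            findings.append("browser setting not reported")
        for bad in sorted(settings[host] - {"block"}):
            findings.append(f"browser setting '{bad}', expected 'block'")
        report[host] = findings
    return report

def noncompliant(report):
    """Hosts with at least one finding, in sorted order."""
    return [host for host, findings in report.items() if findings]

if __name__ == "__main__":
    for host, findings in audit_flash(SAMPLE_INVENTORY).items():
        print(host, "OK" if not findings else "; ".join(findings))
```

A host passes only when no Flash Player package is installed and every reported browser setting is `block`, so both halves of the policy are checked together.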