Written by Dr. Al Hartmann and presented by Chuck Leaver, Ziften CEO
Get Tough or Get Attacked.
Highly experienced and skilled cyber attack teams have targeted, and are targeting, your business. Your large endpoint population is the most common point of entry for experienced attack groups. These enterprise endpoints number in the thousands, are loosely managed and laxly configured, are riddled with exposed vulnerabilities, and are operated by partially trained, credulous users: the ideal target-rich opportunity. Mikko Hypponen, chief research officer at F-Secure, often remarks at industry symposia: “How many of the Fortune 500 are attacked today? The response: 500.”
And how long did it take to penetrate your business? White hat hackers performing penetration testing or red team exercises generally compromise target enterprises within the first few hours, even though they are ethically and legally constrained in their methods. Black hat or state-sponsored hackers may achieve penetration even more quickly and secure their presence indefinitely. Given that average attacker dwell times are measured in many days, time-to-penetration is negligible, not an obstacle.
The industrialization of hacking has created a black market for attack tools, including a variety of software for identifying and exploiting client endpoint vulnerabilities. These exploit kits are marketed to cyber attackers on the dark web, with many exploit kit families and vendors. An exploit kit operates by assessing the software configuration on the endpoint, determining exposed vulnerabilities, and applying an exploit to a vulnerability exposure.
A relative handful of commonly deployed endpoint software packages account for the bulk of the vulnerabilities targeted by exploit kits. This arises from the unfortunate reality that complex software applications tend to exhibit a continual stream of vulnerabilities that leave them perpetually exposed. Each patch release cycle, exploit kit developers download the latest security patches, reverse engineer them to find the underlying vulnerabilities, and update their exploit kits. This is often done more quickly than organizations apply patches, with some vulnerabilities remaining unpatched and ripe for exploitation even years after a patch is released.
Prior to widespread adoption of HTML5, Adobe Flash was the most frequently used software for rich Internet content. Even with increasing adoption of HTML5, legacy Adobe Flash retains a significant following, keeping its long-held position as the darling of exploit kit authors. A recent study by Digital Shadows, In the Business of Exploitation, is instructive:
This report analyzes 22 exploitation kits to understand the most frequently exploited software. We searched for trends within the exploitation of vulnerabilities by these 22 packages to show exactly what vulnerabilities had actually been exploited most commonly, coupled with how active each exploit set was, in order to inform our evaluation.
The vulnerabilities exploited by all 22 exploit kits showed that Adobe Flash Player was most likely to be the most targeted software, with 27 of the 76 identified vulnerabilities exploited relating to this software application.
With relative consistency, dozens of fresh vulnerabilities are disclosed in Adobe Flash every month. To exploit kit developers, it is the gift that keeps on giving.
The industry is learning its lesson and moving beyond Flash for rich web content. For instance, a Yahoo senior developer, blogging recently in Streaming Media, noted:
“Adobe Flash, once the de-facto requirement for media playback on the web, has lost favor in the industry due to increasing concerns over security and performance. At the same time, needing a plugin for video playback in browsers is losing favor amongst users also. As a result, the market is moving toward HTML5 for video playback.”
Amit Jain, Sep 21, 2016
Eliminating Adobe Flash
One step businesses can take today to harden their endpoint configurations is to eliminate Adobe Flash as a matter of organizational security policy. This will not be an easy task, and it may be painful, but it will be valuable in reducing your enterprise attack surface. It involves blacklisting Adobe Flash Player and enforcing browser security settings that disable Flash content. If done properly, this is what users will see wherever Flash content appears on a legacy web page:
This message confirms two facts:
1. Your system is correctly configured to refuse Flash material.
2. This website would jeopardize your security for its convenience.
Ditch this website!
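The blacklisting and browser hardening described above only pay off if every endpoint actually complies, so the policy needs an audit. The read-only PowerShell check below is an added example, not part of the original article or any Ziften tooling; it reports whether a Windows endpoint still carries a Flash runtime and whether Internet Explorer, Chrome and Firefox are configured to block it. The Macromed\Flash directories, the Flash ActiveX CLSID and the Chrome/Firefox policy registry paths are assumed to be the vendors' standard locations.

```powershell
# Added audit example (not from the original article): report Flash residue and
# browser policy gaps on one Windows endpoint. Read-only; it changes nothing.
$findings = @()

# 1. Installed Flash runtimes (ActiveX for IE, NPAPI/PPAPI for other browsers).
#    Standard install directories, assumed here.
$flashDirs = "$env:WINDIR\System32\Macromed\Flash", "$env:WINDIR\SysWOW64\Macromed\Flash"
foreach ($dir in $flashDirs) {
    if (Test-Path $dir) {
        $files = Get-ChildItem $dir -Include *.ocx,*.dll -Recurse -ErrorAction SilentlyContinue
        if ($files) { $findings += "Flash runtime present: $($files.FullName -join ', ')" }
    }
}
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
Get-ChildItem $uninstall -ErrorAction SilentlyContinue |
    Get-ItemProperty |
    Where-Object { $_.DisplayName -like 'Adobe Flash Player*' } |
    ForEach-Object { $findings += "Uninstall entry: $($_.DisplayName) $($_.DisplayVersion)" }

# 2. Internet Explorer: the Flash ActiveX control should carry the kill bit (0x400).
$clsid = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'
$ax = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid" `
        -ErrorAction SilentlyContinue
if (-not $ax -or -not ($ax.'Compatibility Flags' -band 0x400)) {
    $findings += "IE: Flash ActiveX control is not kill-bitted"
}

# 3. Chrome: policy DefaultPluginsSetting must be 2 (block plugins).
$chrome = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Google\Chrome' -ErrorAction SilentlyContinue
if ($chrome.DefaultPluginsSetting -ne 2) {
    $findings += "Chrome: DefaultPluginsSetting is '$($chrome.DefaultPluginsSetting)', expected 2"
}

# 4. Firefox: enterprise policy FlashPlugin\Default must be 0 (blocked by default).
$ff = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox\FlashPlugin' -ErrorAction SilentlyContinue
if ($ff.Default -ne 0) {
    $findings += "Firefox: FlashPlugin policy does not block Flash by default"
}

if ($findings.Count -eq 0) { "COMPLIANT: no Flash runtime found and browsers block Flash content" }
else { "NON-COMPLIANT:`n - " + ($findings -join "`n - ") }
```

Run it under an elevated session so the HKLM policy keys are readable, and feed the output to whatever endpoint inventory you already collect so non-compliant hosts can be tracked to closure.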