Experts On Demand

17.06.2011

Security Update

The sophistication and use of spear phishing attacks are on the rise, as evidenced by numerous recent successful break-ins. Elsewhere, Microsoft Corp. revealed that back-porting Windows 7's AutoRun implementation was highly successful in reducing malware rates. Lastly, Adobe Systems Inc. issued another round of patches to deal with security flaws.

Focal Points:

  • Recent attacks at prestigious organizations including the International Monetary Fund, Lockheed Martin, Oak Ridge National Laboratory, and RSA Security are highlighting the increased quantity and proficiency of spear phishing attacks. Spear phishing differs from traditional phishing in that it relies on well-crafted social engineering to lure targets. Preselected individuals are sent e-mails addressed directly to the recipient, in contrast to traditional phishing's approach of sending massive e-mail floods of informal, unpolished correspondence. Victims of spear phishing download insidious malware that gives hackers capabilities that may include account and password theft, installation on other network-attached systems, keystroke monitoring, and theft of data transmitted across an enterprise network. A successful attack gives a hacker permanent, predatory, ongoing access to valuable enterprise information. Though firewalls and security monitoring are key to preventing these types of attack, neither alone nor together will successfully fend off these threats.
  • Microsoft is crediting a security update for Windows XP and Windows Vista with reducing certain types of malware infections by up to 82 percent. The update, originally issued as optional but later changed to install automatically, stops AutoRun from running files on USB drives unless the user explicitly launches them. This AutoRun behavior was first included in Windows 7 at launch, and then later retrofitted to Windows XP and Vista. Statistics compiled by the Microsoft Malware Protection Center (MMPC) show that malware infection rates have dropped by 62 percent in Windows XP Service Pack 3 (SP3), 68 percent in Vista SP1, and 82 percent in Vista SP2. The AutoRun feature has been abused by numerous worms and other malware in the last few years, including Conficker and Stuxnet.
  • Adobe has issued another critical patch for a vulnerability in Flash Player and also updated its PDF Reader to tackle 13 new bugs. This is the second update to Flash Player in less than 10 days and was pegged as "critical" by Adobe because an exploit could take control of an affected system. Adobe listed 11 of the flaws found in Reader as being "critical," with the list of vulnerabilities including buffer and heap overflows, memory corruption, and dynamic link library (DLL) hijacking. Though the company's latest PDF Reader, called Reader X, uses sandbox isolation technology to prevent malware from accessing other parts of a user's system, the company has distributed six patches for Flash Player since the beginning of the year. Patched versions of the company's software are available from its Web site.

Experton Group believes that recent security attacks increasingly appear to come from trusted sources and target newly found, unpatched systems and applications. Microsoft's elimination of AutoRun's automatic initiation of executable files has made tremendous strides in reducing malware infections shared via flash drives; however, this is far from a panacea, and malware propagation via other means remains extremely active. Strong antivirus and firewall policies are effective in dealing with many security issues but fail to provide the measures needed to identify and remove malware that users willingly or unwillingly accept as coming from trusted sources. IT executives should have security measures in place that rely on multiple firewall and anti-malware solutions to minimize exposure risks, and supplement those preventative measures with forensics tools that monitor for configuration changes and atypical access to network resources. As user activities remain rather constant from one day to the next, continuous monitoring for unauthorized access and heavy usage is essential to quickly recognizing the presence of unwanted threats. Though Adobe's continued problems with security holes are cause for concern, these issues stem more from the company's strength as a provider of Internet-enabled applications than from its being a developer of poorly written programs. IT executives should expect hackers to continue attacking Internet-enabled vectors that leverage popularly used programs, and dedicate sufficient resources to ensuring proper, proactive monitoring.

Experton Group is the leading fully integrated research, advisory and consulting company for mid-sized and large organizations, maximizing the business value of their ICT investments through innovative, neutral and independent expert advice.

Experton Group offers consulting services, market surveys, conferences, seminars and publications related to information and communications technology issues.

Our consulting portfolio includes technology, business processes, management and business cooperations, investments and mergers.