
February 2012

IT Security Threats

IT security threats change at a rapid pace; behind the scenes there is a constant game of cat and mouse between security vendors and malware authors. Researchers come up with a novel way of mitigating a particular exploit, so the 'bad guys' develop their own new methods to circumvent the security measures.

F-Secure's labs in Finland receive a huge amount of malware, typically between fifty thousand and three hundred thousand samples every day. By analysing the purpose, and sometimes the origin, of this malicious software we have a very good understanding of the current 'threat landscape'. We know, for example, that there are groups of developers who create malware to a very high standard: they employ quality testers to ensure the stability of their code, and they of course check how likely their software is to be detected by security solutions such as antivirus software and intrusion detection/prevention systems. This makes protecting against these evolving threats a huge challenge.

It is important for IT professionals to be aware of these threats so that the corporate network can be made as secure as possible; this awareness is the difference between security compromises being common and being occasional.

A useful study of the main malware propagation techniques was released by Microsoft in its 2011 security summary. The research was based on data collected from 600 million endpoints worldwide, which gives a solid basis for some generalisations. It found that approximately 50% of all malware infections required some form of user interaction to execute: the end user clicked a link in a malicious e-mail or visited a hijacked website, and in doing so downloaded the malicious code.

This report highlights the importance of end user education. The average non-IT office worker will not be aware of the methods used to compromise a system; clicking on a link in an e-mail that apparently came from a colleague or a friend will not be thought of as a security risk, although that is exactly what it can be.

As security solutions have become more sophisticated and able to deal with a large range of malware and spam, the internet underworld has turned back to relatively simple 'social engineering' attacks to get around them. Consider a stateful firewall that blocks all inbound connections: it still allows data into the network when an end user has initiated the connection, because it tracks the outbound session and permits the replies. So if an end user browses to the URL of a hijacked site, the exploit arrives in the HTTP response along with the images and text that make up the web site, and the firewall does nothing to stop it.

Most of these threats are designed to exploit vulnerabilities in widely used software such as operating systems, browsers and browser plug-ins. F-Secure has an online health checker which users can run from the web to find out which of their applications are out of date. We collect statistical data from this service, and it has revealed that over 80% of the computers checked have an out-of-date version of Adobe Reader or Flash. This is a startling statistic: it demonstrates that a huge proportion of the devices on the web are vulnerable to exploitation. It also shows that patch management is a crucially important exercise, particularly on a corporate network, where keeping on top of the wide variety of applications in use is very challenging.
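The out-of-date check above comes down to comparing installed versions against a required minimum across an inventory, and the classic mistake is to compare version strings lexically, which ranks "9.0.280" above "11.1.102.55". The following is an added example written for this page, not F-Secure's health checker or any other product's code; the inventory rows, host names and minimum versions are constructed placeholders, not real advisories.

```python
# Added example, not part of the original article: check a software inventory
# against required minimum versions. Version strings must be compared
# component by component; plain string comparison gets "9.0" > "11.1" wrong.

from typing import Dict, List, Tuple

Finding = Tuple[str, str, str, str]  # host, application, installed, required


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn "10.1.102.55" into (10, 1, 102, 55).

    Each dot-separated component keeps only its digits, so "6.0.29u" becomes
    (6, 0, 29); a component with no digits at all counts as 0.
    """
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_outdated(installed: str, required: str) -> bool:
    """True when installed is strictly below required.

    Shorter tuples are padded with zeros so "11.1" equals "11.1.0".
    """
    a, b = parse_version(installed), parse_version(required)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def is_outdated_lexical(installed: str, required: str) -> bool:
    """The naive string comparison, kept only to show why it is wrong."""
    return installed < required


def find_outdated(inventory: List[Tuple[str, str, str]],
                  required: Dict[str, str]) -> List[Finding]:
    """Report every (host, app) whose installed version is below the minimum.

    Applications with no entry in `required` are ignored rather than flagged.
    """
    findings = []
    for host, app, version in inventory:
        minimum = required.get(app)
        if minimum is not None and is_outdated(version, minimum):
            findings.append((host, app, version, minimum))
    return findings


# Constructed inventory, as a patch-management tool might export it.
# Host names, products and version numbers are illustrative placeholders.
INVENTORY = [
    ("ws-01", "Adobe Flash Player", "11.1.102.55"),
    ("ws-01", "Java", "6.0.29"),
    ("ws-02", "Adobe Flash Player", "9.0.280"),
    ("ws-02", "Adobe Reader", "10.1.2"),
    ("ws-03", "Java", "7.0.2"),
    ("ws-03", "Internal Tool", "1.0"),
]

# Hypothetical required minimums; in practice these come from vendor advisories.
REQUIRED = {
    "Adobe Flash Player": "11.1.102.55",
    "Adobe Reader": "10.1.2",
    "Java": "7.0.2",
}


if __name__ == "__main__":
    for host, app, installed, minimum in find_outdated(INVENTORY, REQUIRED):
        print(f"{host}: {app} {installed} is below required {minimum}")
    # The naive comparison claims "9.0.280" is not below "11.1.102.55".
    print("lexical comparison says outdated:",
          is_outdated_lexical("9.0.280", "11.1.102.55"))
```

Run as a script it lists ws-01 (Java) and ws-02 (Flash) as outdated, and shows that the lexical comparison would have missed the Flash 9 installation entirely. Real vendor version formats vary (Java's "1.6.0_29" style, for instance), so `parse_version` is deliberately forgiving about non-digit characters inside a component.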

In the last 20 years we have seen a shift from malware being distributed by floppy disk, then by e-mail, and now mainly by hijacked websites. Two emerging trends are coming to the forefront of malicious software distribution: social media and spear phishing. Sites such as Facebook and Twitter are increasingly being used to direct users to hijacked sites. Facebook has actually teamed up with Websense to provide some protection; however, since that relationship began there has been at least one high-profile malware attack (known as a linkspam virus) which injected pornographic content into users' news feeds. Recent high-profile victims of spear phishing are Norwegian defence and energy companies, which were hacked by attackers using seemingly legitimate e-mails, sent to specific employees, that contained malware tailored for the target and handed the attackers remote access.

To summarise, the threat landscape is ever changing and maintaining a high level of security is a constant challenge. To mitigate the threats these new attack vectors present, an IT department should introduce a range of practices designed to reduce risk to an acceptable level. These should include:

  1. Run endpoint protection software that protects against 'zero day' exploits, i.e. one that uses behavioural and exploit-blocking techniques rather than signatures alone.
  2. Make use of browsing protection features that prevent workstations from downloading malicious content from hijacked sites.
  3. Ensure that operating systems and applications (especially Java, Flash, Adobe Reader and web browsers) are fully patched.
  4. Be careful about which links you follow in e-mails and on social media sites; check where a link actually leads before clicking it.
  5. Make use of anti-spam solutions that use more than simple Bayesian/heuristic detection methods.
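Point 4 is the one that end user education alone cannot fully carry, because a phishing e-mail's visible link text is chosen to look like the real site. The check that a mail gateway or awareness tool applies is to compare what the link shows with where it actually goes. The following is an added example written for this page, not code from F-Secure or any product mentioned above; the e-mail body is constructed, using the reserved .example domain and the 198.51.100.0/24 documentation range so that none of the addresses are real.

```python
# Added example, not part of the original article: flag links in an HTML
# e-mail body that a user should not follow blindly. It catches display text
# that names one site while the link goes to another, a real host hidden
# behind user-info in the URL, and links that go to a bare IP address.

import ipaddress
import re
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            visible = " ".join("".join(self._text).split())  # collapse whitespace
            self.links.append((self._href, visible))
            self._href = None


# Visible text that starts with a host name, with or without a scheme.
SHOWN_HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def link_parts(href: str) -> Tuple[str, str]:
    """Return (user-info, host) as a browser would interpret the link."""
    parsed = urlparse(href if "://" in href else "http://" + href)
    return parsed.username or "", (parsed.hostname or "").lower()


def is_ip_address(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(html: str) -> List[Tuple[str, str]]:
    """Return (href, reason) pairs; one link can be reported for several reasons."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        userinfo, host = link_parts(href)
        if userinfo:
            findings.append((href, "user-info before '@' hides the real host"))
        if is_ip_address(host):
            findings.append((href, "link goes to a bare IP address"))
        match = SHOWN_HOST_RE.match(text)
        if match:
            shown = match.group(1).lower()
            # Accept an exact match or a subdomain of the host the text shows.
            if shown != host and not host.endswith("." + shown):
                findings.append((href, f"text shows {shown} but link goes to {host}"))
    return findings


# Constructed e-mail body (not a real message). The first and last links are
# legitimate; the middle two are the patterns a phishing message uses.
SAMPLE_EMAIL = """
<p>Dear customer,</p>
<p>Your statement is ready at <a href="https://www.bank.example/statements">
www.bank.example</a>.</p>
<p>Please confirm your details at
<a href="http://bank-example-secure.example/login">https://www.bank.example/login</a>
or, if that fails, at
<a href="http://www.bank.example@198.51.100.7/login">www.bank.example</a>.</p>
<p><a href="https://help.bank.example/contact">Contact us</a></p>
"""

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"{href}\n    {reason}")
```

On the sample message the first and last links pass, the second is reported because its text shows www.bank.example while the link goes to bank-example-secure.example, and the third is reported three times: the "www.bank.example@" prefix is user-info rather than a host, the real host is a bare IP address, and that host does not match the text. Text such as "Contact us" is not checked against the host, since it makes no claim about where the link leads; that case still depends on the browsing protection in point 2.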