Zero day exploits and custom malware pack deadly punches and frequently grab the headlines, but many cyber criminals are focusing on less sophisticated methods to bypass security, according to a recent report from IBM’s X-Force security research team.
Attackers are having easy success in targeting unpatched flaws in commonly used applications such as Adobe Flash and Java and are still using social engineering techniques and they are the most cost effective hacking techniques, according the X-Force 2013 Mid-year Trend and Risk Report.
For example Web app vulnerabilities like coding errors found in content management systems are down this year making up 31 per cent of publicly reported vulnerabilities compared to 42 per cent in 2012. However, cyber criminals are focusing their attacks on third-party builders of plug-ins for CMSs and only 54 per cent of vulnerabilities had a patch supplied in the first half of 2013, according to IBM.
Attackers have also demonstrated enhanced methods in using distributed-denial-of-service (DDoS) that increase the amounts of capable bandwidth as an updated and powerful way to halt business by interrupting online service as well as new DDoS mitigation evasion techniques.
For the first six months of 2013, IBM X-Force analyzed 4,100 new security vulnerabilities, scanned 900 million new Web pages and images. The research also resulted in the creation of 27 million new or updated entries in the IBM Web filter database and insertion of 180 million new or updated signatures in the IBM spam filter database.
“For me personally, the non-technical elements of the findings were the parts that struck me the most,” said Stewart Cawthray, chief security architect for IBM Security Service in Canada. “The use of social media postings for target reconnaissance, the use of so-called ‘watering holes’ as areas to disseminate attacks from trusted sources and exploiting human nature by distracting and diverting attention away from the real attack, are not really new but evidence show they are very effective.”
For example IBM has seen continued growth in the compromising of trusted special interest Web sites and social media sites. Cyber criminals “poison” these “watering holes” by using them to serve up malware to unsuspecting visitors.
Workers should review installed browser plug-ins and uninstall those that are not being used of have not been used for a long time. Users should also disable ActiveX controls in Microsoft Office because it is a favourite target of attackers and enable Click-to-Play in the browser to prevent drive-by attacks.
Many Canadian companies continue to rely on traditional security controls to protect their networks, said Cawthray. Firewalls and intrusion prevention tools are needed but they are not very effective against social media threats.
He said companies need to develop social media policies on how to use various social media services.
“Malware distributed through social media, preys on weak passwords and unpatched vulnerabilities,” he said. “If enterprises ensure they are patching systems quickly the attack surface is reduced and malware becomes ineffective.”
Get the X-Force 2013 Mid-Year Trend and Risk Report here