Data breaches dominated security news during the first half of 2011 and companies across all industry sectors were equally impacted. Many of these breaches resulted from advanced persistent threats; others resulted from SQL injection and other brute force intrusions. In all cases, customer data and corporate intellectual property were at risk.
In the Cisco 2Q11 Global Threat Report, Cisco CSIRT Manager Gavin Reid discusses the unique challenges of APTs and network intrusions. Gavin offers real world practical advice from a frontline perspective, offering valuable pointers for tweaking and using the tools you probably already have in place.
In the last few years there has been a major shift in the vulnerability landscape from a focus on attacking network-based server applications to attacking client applications using malicious file formats. Due to this shift there has been a variety of new techniques developed by attackers for more reliable control post-exploitation.
One of the techniques that is commonly used by attackers is the EXE drop. Basically this technique revolves around placing an executable file within the data format in which the vulnerability takes place. Post exploitation, the payload searches for the file descriptor that is associated with the data file, copies the EXE file from it to disk, and executes the EXE file in a new process. Some examples of data formats that are commonly used in an EXE drop exploit are Office documents, Shockwave Flash Files, and image files. The EXE drop technique is useful for several reasons; one reason is because it makes coding the payload easier. The executable can be crafted quickly and compiled for a specific target. Also, by copying an executable file to disk (persistent storage) it’s fairly easy to maintain residency by adding an entry to the autorun registry keys for example.
As the Nexus platform has become a staple in the data center environment, securing the environment begins with the Nexus Operating System (NX-OS). The recently published NX-OS hardening guide seeks to deliver on that. The Cisco NX-OS Hardening Guide provides information to help administrators and engineers secure NX-OS system devices, inherently increasing the overall security of a network environment. With the ever-increasing opportunity for exploits and vulnerabilities to prevail, it is imperative that organizations adopt and apply best practices to harden their infrastructure devices. We all know that an environment is only as strong as the weakest link, thus every effort should be made to ensure that each device is hardened.
One of the more (in)famous examples of malware is the banking Trojan Zeus. We have covered Zeus before (Seth Hanford’s post, Zeus: Getting a Taste of its Own Medicine), but like William Shatner, it is one of those things that never seems to get old. Zeus is interesting because it was one of the more successful commercial or productized forms of malware, but more than that, it was a financial crimeware solution.
Zeus was sold in the form of a kit, and has been available in freeware, cheap and expensive versions ranging in price up to several thousand dollars or more. The kit allowed you to build malware that would help you steal banking and identity information. The malware has an initial configuration baked in when you do the build process, but once it goes live on the host it phones home for a dynamic configuration, which includes where to upload stolen data to, hosts file entries etc.
What is CVSS -- (the Common Vulnerability Scoring System)? How can it help me manage risk -- and why is it an important step forward in security research? In this short video Gavin Reid CVSS Program Chair share’s his perspective on the vulnerability scoring standard