The number of exploit attacks against known vulnerabilities continues to increase. The target is to install malware into the targeted system and to gain benefits for the criminals behind the attack.
According to F-Secure Threat Report H1/2013, the majority of Top 10 detections from the last six months involved exploits. Java is the most popular entry point and therefore, disallowing Java plug-ins might make sense. Java vulnerabilities have allowed attackers to use even classic forms of attack, known for about ten years already.
The table clearly shows that the users do not seem to understand the importance of security patches since exploits can target vulnerabilities that have had a patch for over 5 years!
On the other hand, exploit kits find their way to the market unbelievably fast – the F-Secure Threat report tells: “Java vulnerability CVE-2013-2423; a Metasploit module targeting this was first published on April 20th, and a day later we noticed in-the-wild attacks against it had already gotten underway by the CrimeBoss exploit kit”.
Why is it so hard to keep pace with the critical security updates then?
First, the number of patches releases is huge. For example, Microsoft alone recently published 13 patches against 47 bugs in its Patch Tuesday security update. Add to that the Java updates, Adobe updates, and all the rest of the products, and the number of necessary updates in a business environment can be devastating. Second – would the IT administrator always know which software is installed on which machine?
F-Secure Software Updater, an automated patch management tool integrated in the security clients, can help manage the huge task of keeping on top of the critical security updates. It follows the philosophy: find it, fix it, and forget it.
What smells so good? Could it be history? On Tuesday, F-Secure's corporate security team traveled to Dresden to pick up its fourth straight Best Protection award from AV-Test.org. We are now the only vendor in the history of the award to win the honor four years in a row. “Since 2011, F-Secure's security product has been a guarantee of high protection in corporate environments,” says Andreas Marx, CEO of AV-TEST. That's four years straight of the industry's best protection in a solution that provides the technology that's the basis for all of our security solutions. Success like this doesn't just mean we're good once in a while. It means we're the best every day, as the award goes to the solution that provides the most consistent protection throughout the year. We blocked 955 out of 958 real-world threats -- a 99.67 percent blocking rate -- and 112,059 out of 112,090 wide-spread malware with an astounding 99.97 percent blocking rate. That means we're about 2.67 - 2.97 percent above the industry standard. All this means if you don't use F-Secure, you could be exposing your business to thousands of more possible infections every month. You can compare these results to our competitors here. How do we do it? It's kind of like building the perfect sandwich. F-Secure Client Security layers antivirus on top of firewall on top of antispyware on top of rootkit scanning. We slather on the browsing protection to block dangerous websites. But it's not enough to block the threats we know about. That's where the secret sauce comes in. Our DeepGuard engine provides protection that reads criminals minds. As AV-Test's Andreas Marx said, “F-Secure is secure, innovative, and straightforward.” Excuse us. This is making me very hungry. We need to take a bite. Cheers, Sandra
Since news of the now infamous "Sony hack" broke, some experts have been skeptical that the government of Kim Jong Un was directly behind what appears to be the "worst hack any company has ever publicly suffered." Before the hackers dumped emails designed to humiliate the company then posted a note on Pastebin threatening the release of the "The Interview" with the ominous line “Remember the 11th of September", our Security Advisor Sean Sullivan posited a theory. He suggested that "the attack was an attempted shakedown and extortion scheme." Few companies are as vulnerable to public acts of humiliation -- thus as vulnerable to extortion -- as a global media company. But nearly every company risks potential massive financial damage from the exposure of confidential data. So what does that mean for you and your business. Here are five simple takeaways that may seem obvious to you but may not have seemed so clear to Sony: 1. If your business' network is going to be breached, it's probably going start with an employee clicking on an email attachment. "It’s interesting that, while the array of tools is diverse, the basic methods of gaining access to a victim’s environment are not," Verizon noted in its most recent Data Breach Investigations Report. "The most prolific is the old faithful: spear phishing. We (and others) have covered this ad nauseam in prior reports, but for both of you who have somehow missed it, here goes: A well-crafted and personally/professionally-relevant email is sent to a targeted user(s), prompting them to open an attachment or click a link within the message. Inevitably, they take the bait, at which point malware installs on the system, a backdoor or command channel opens, and the attacker begins a chain of actions moving toward their objective." With the wealth of information available about executives online, targeting an infected email attachment to a specific user remains the most reliable method of penetrating a network. Most of us have been using email long enough to know that a message with a file included that reeks of unprofessionalism may be dangerous. But if the email seems crafted and personal, we still may be fooled. Security education will never cure the plague human error, which is why your IT department is working overtime to break the "delivery-installation-exploitation chain". Still the basic caveat applies: Never open an attachment you weren't expecting. 2. Don't store your passwords in a folder called "Passwords". Seems obvious. But it appears Sony may have done just that. Verizon reports that credentials are the number one hacker target. With 62 percent hacks not discovered until months after a network has been hacked, the intruders will have plenty of time to poke around. Don't make it easy. 3. Plug the holes. Keep all of your system, application and security software patched and protected -- especially browsers. Don't use Java plugins. Or get protection like F-Secure Software Updater that keeps you patched seamlessly. 4. Links in email can be as dangerous as attachments. It turns out that years of indoctrination have has some effect. Users are more skeptical of attachments than of links in emails that can lead to "drive-by" web attacks and/or phishing scams -- but not skeptical enough. About 8 percent will click on an email attachment while "18 percent of users will visit a link in a phishing email. Users unfamiliar with drive-by malware might think that simply visiting a link won’t result in a compromise." 5. Remember that email is forever. Dance like no one is watching; email like it may one day be read aloud in a deposition. — Olivia Nuzzi (@Olivianuzzi) December 13, 2014 Cheers, Sandra
This May, the GameOver ZeuS botnet made history by becoming one of the largest botnets ever seized by law enforcement. Unfortunately, it's back at work. BankInfo Security's Mathew J. Schwartz explains: Nearly three months after the FBI, Europol and Britain's National Crime Agency launched"Operation Tovar" to successfully disrupt the botnet used to spread Gameover ZeuS, the malware is making a global comeback. Gameover ZeuS is a Trojan designed to steal banking and other personal credentials from infected PCs. At the time of the May law enforcement takedown, the FBI estimated that between 500,000 and 1 million PCs worldwide - one-quarter of them in the United States - were infected by the malware, which the bureau says was used to steal more than $100 million. Our Security Advisor Sean Sullivan notes that "there isn't a 'flood' of new GoZ variants". F-Secure Labs has looked at the recent threats and one of our experts has a theory about their origin. Our analyst most familiar w/ GameOver ZeuS just took a look at the latest GOZ samples. His verdict: it's very clearly the work of Slavik. — Sean Sullivan (@5ean5ullivan) August 27, 2014 Find out the latest about GoZ from Sean and Mikko Hypponen on 5 September in Threat Report Webinar live from Helsinki at 10:00 AM EST. What should you do? Our Online Scanner detects both new and old GameOver Zeus variants. Check your PC for free now. Cheers, Jason [Image by delunula dot com]