Things that freak out IT security pros

Ghosts and zombies aren’t the only things coming back from the dead this Halloween.

Below is a list of the top security threats that organisations should be most aware of, because these are the ones that always come back from the dead-¦

Fred Touchette, senior security analyst at AppRiver:

Ah, Halloween. A time when people dress up in creepy costumes and enjoy a marathon of classic horror flicks. And while some people may be spooked more easily than others, here are five things that will alarm even the most fearless IT security pro.

Protecting a network without sufficient funds. Whether it’s locating qualified staff or convincing upper management that system updates are necessary expenditures, the lack of funds can seriously impede the health of an organization’s security posture.

A future of unknowns. IT security pros spend a lot of time researching the world of cybercrime so that they can stay out of harm’s way. Happily, White Hats are good at disseminating information to their peers when breach occurs. Vulnerabilities were recently found in Heartbleed SSL and Shellshock Bash, for example, and the community responded by sharing information and patching networks before incident. But what about those unknown exploits? It’s enough to keep IT pros up at night.

The next zero day attack. These large-scale attacks often leverage the aforementioned secret vulnerabilities and use them to spread online malaise quickly. Examples include Storm Worm, which targeted an internet-consuming public and Stuxnet or Duqu that was a customized espionage attack. Oftentimes, these attacks are able to operate for quite a long time without anyone ever being the wiser.

Insider threats. Threats can come from careless, lazy or even well-intentioned employees who have intimate knowledge of the company’s network and accounts. In the case of a disgruntled former employee, access can be revoked immediately but with the employee who accidentally falls for a social engineering scam, your network may never be the same.

Falling victim to data breach. We seem to hear about data breaches on daily basis as of late. Not only must IT pros take care of internal damage to systems, but also worry about stolen customer data. This is an expensive problem that can cost millions of dollars due to direct loss and preventative assurances, like paying for victims’ credit monitoring. Then there’s consumer confidence and negative publicity that likely affects bottom line.

No one wants to be the next victim of data theft or deal with unknown attacks, and because of that, sometimes it’s good to be a little afraid as an IT Security pro. A small dose of fear can be healthy and motivate us to go the extra mile in preventative care. After all, those who remain complacent in their security practice often find themselves to be the next target we’ll read about in tomorrow’s newspaper.

Kevin Epstein, VP of information, security and governance at Proofpoint:

Malicious macro exploits in Microsoft Word documents returned from obscurity in recent months. Proofpoint security researchers recently discovered Word document attachments spreading the Dridex banking Trojan in two separate, rapidly propagating phishing campaigns. In one case, a high-volume phishing campaign featuring Microsoft Office macro exploits (aka VBA viruses) delivered hundreds of thousands of unsolicited emails over a short period of time. Malicious Microsoft Office macros are snippets of code embedded within Office documents (such as Word or Excel). When the document is opened a variety of operations can be executed, including automatically running a malware downloader. Most recently, Proofpoint has seen cybercriminals use macros as a vehicle for installing Dridex malware, which steals login credentials from Google, Yahoo, AOL and Microsoft. Dridex also targets financial institution log-ins. Proofpoint has seen Dridex attempting to take log-ins from Barclay’s Bank, Lloyd’s, Verde, Alliance & Leicester, and Allied Irish Bank (AIB).

Cybercriminals are adept at bringing long-dead techniques back to life in order to spread new generations of crimeware. This resurgence means it’s working to some extent and criminals are actively stealing login credentials. Be sure to configure Microsoft Office to disable macros by default and without notification company-wide. In addition, we recommend sending an email to your employees specifically warning them about unsolicited email and enabling macros.

Andy Green, technical specialist at Varonis:

Security researchers know something many of us don’t: a small number of attack scenarios account for a disproportionately large number of data exposures. But even more surprising is that these top attacks are relatively simple to defend against.

Each year Verizon’s Data Breach Investigations Report and SANS CWE publish rankings of the most popular threats. There are two data security demons that always make it to the front of the class: weak and poorly protected credentials, and injection attacks, particularly SQL Injection. Why hasn’t IT driven a stake through them yet?

Dr David Chismon, senior security researcher at MWR:

Although most organisations have moved on to supported operating systems, a number retain a number of Windows XP desktop machines on their network. These are typically retained to support specific software packages for which upgrades are either not available or are prohibitively expensive. As such, the XP machines exist as zombies and a constant risk of an outbreak.

Where XP machines must be retained, selecting third party software is important as a number of key vendors are no longer supporting XP for their products, which can be a key attack surface. Anti-virus, office packages and browsers are examples of areas that will need to be considered.

Itsik Mantin, security researcher at Imperva:

With 500 most common passwords estimated to cover one out of nine internet users (!!!), weak passwords continue to provide an excellent surface for dictionary attacks, and together they continue to co-exist throughout the digital era, keeping their respectable share in hacking stories and data breaches.

The recent incident known as “Celebgate” – the iCloud breach from the last summer, where numerous private pictures of celebrities had leaked to the Internet, is believed to be the result of dictionary attack on account passwords of the attacked users. The most disturbing fact with weak passwords is that they are probably here to stay, with no practical way to avoid them.

TK Keanini, CTO at Lancope:

The power of big data analytics and machine learning can compute amazing insight for businesses, and it can do the same for criminals. A criminal could log in to a website and declare their objective, and the service would compute several attack plans that the criminal could choose from. This would work in the same way that a user is presented with multiple routes to reach a destination when getting directions online.

This Cybercrime as a Service would have social networks mapped, personal information on each individual, language analysis that yields a level of trust between individuals, mapping to various accounts (some of which may have been compromised), etc. All of this would be creating a corpus of data that can lead the criminal through a directed graph leading to the objective (exfiltration of a file, ransomware, etc.).

Remember, cybercrime is a business and profitable businesses only get smarter and more effective. These are things that keep me up at night because in our current state, there is nothing that makes these types of attacks hard to execute for cybercriminals, and they could easily turn from nightmare to reality.

Don't miss