Saturday, January 30, 2010

How Attacks Are Being Done Today

I was going to write my next post about XSS as it is such a prevalent attack that opens the door to other attacks, but I had to post about what I just read instead. I'll hit XSS soon.

An article on darkreading.com [1] said that Mandiant researched attacks over the last seven years and found that APT (Advanced Persistent Threat) attacks, besides seeming to have Chinese ties (I won't go there as I don't think it matters where they come from, just that we stop them from any location, including our own companies), are so nasty that security software was able to detect only 24% of the malware used in the attacks!

So these attacks are going on right now undetected...

In addition, there are seven stages of APT attacks:
  1. Reconnaissance -- checkin' you out and getting a lay of the land
  2. Intrusion into the network -- finding the hole and getting in
  3. Establishing a backdoor -- a piece of wood to hold the door open
  4. Obtaining user credentials -- social networking and electronic means
  5. Installing multiple utilities -- remember the door you left open in #2 and #3?
  6. Privilege escalation, lateral movement, and data exfiltration -- taking over via open door
  7. Maintaining persistence -- making sure you can't delete it

Ouch!

Two things I note here -- 1) you have seven opportunities to catch them and stop them and this isn't happening, 2) YOU as a developer can stop them at #2, thus stopping the whole thing. Don't you see it now? If developers did their job to their best ability, the holes would not exist as much as they do. Would holes be found? Sure. Can we plug everything? I don't think so. But these are prevalent attacks, over seven years! Devs, get over it and learn how to code securely!!

I can't tell you how many devs think they don't need to learn security coding because they simply do intranet programming. See #6 above...they are in and using those loose security intranet apps to take over your organization. How cozy do you feel behind your firewall now? Come on gang! Learn the easy stuff and stop them!

Yes, stopping these attacks is easy...I'll show you how to stop XSS next and you will be that much more protected. Stop making excuses and do what you have to do to protect your organization and your customers!


[1] http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=222600139
