Recently I was reminded of this well-used, wedding-related phrase when my daughter announced her intention to marry. A joyous occasion for all, except, of course, the father of the bride (yes, we’ve all seen that film!). As we know, the original phrase ends in “blue”, not “dangerous”, but for the purpose of this article “dangerous” is far more relevant.
Anyone who is involved in Information Technology, especially the security aspects of it, would find it impossible to be unaware of the constant flood of threats and attacks on computers and networks. Every week some new and powerful attack appears that has the computer security specialists working double shifts to find a way to block it. A good example of this is one of the latest attacks on HTTPS called BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext). HTTPS is the cryptographic communications protocol that layers HTTP over SSL to provide secure transactions over the net. It’s used to protect virtually all web traffic that requires strict security. BREACH allows a hacker to extract encrypted, sensitive data from HTTPS traffic. It’s not the only method that hackers use for this. Hacks such as SSLStrip, BEAST, CRIME and Lucky 13 have been around for a while. However, BREACH is new and, for an experienced hacker, quick and powerful to use. So “new” is dangerous.
However, “old” can be even more dangerous and should never be overlooked or forgotten. In the computer security industry it’s often the case that we view attacks that have been around for a number of years as benign. This is mainly because we believe that the software vendors will have released a fix for the vulnerability that the attack exposed and that everyone will have applied that fix, or that users will have moved away from the software / operating system that was the cause of the problem. Unfortunately, to continue on the wedding theme, some people / companies are “married” to their chosen solutions and find it very difficult to move on to something new, and in many cases they have not applied fixes along the way. As a result there are a high number of old systems out there that are still providing great service to their users but are vulnerable to “old” attacks. And the problem is that the old attacks have not gone away. In fact many of them have made several comebacks, just like Cher. The “old” attacks are being “borrowed” from the past by a new generation of hackers, who make subtle changes to them and then target not only older systems but also the newer, trendier ones such as tablets. So even if your main systems are up to date, any tablet devices on your network may be susceptible to old attacks.
Of course you may think that because your networks are protected by the latest IPS / IDS / UTM / Firewall you have no need to worry. Well, this should be the case but may not be so. The reason for this is that network security devices have a finite processing capacity. To maximise this capacity, compromises sometimes have to be made, and this often involves removing the signatures of old attacks that are thought to be defunct. It’s highly likely that you are not even aware that this is the case with your network defences. The only way to be sure about this is to test your network security systems on a regular basis with a testing tool that provides both the new attacks and all the older ones. If an old attack gets through then you can make an informed decision about what to do. A tool such as Traffic IQ Professional will allow you to do this. You may not have anything in your network that can be compromised by the attack, but if you know that the attack could get through your defences then at least you are in an informed position.
So that’s “old” and “new” but what about “borrowed”?
Well, by “borrowed” I’m referring to the current trend in downloadable attack kits, such as Zeus. Attack kits are hacking “Lego” that allows fairly unskilled hackers to create efficient attacks by building the attack from a kit. These kits are becoming very sophisticated and the kit developers are treating the whole exercise just as any professional software company would. Of course the hackers are not really “borrowing” the kits – they have to pay the developers for them, although some are now being freely passed between hackers without money finding its way back to the original developers. These kits often use quite old attacks and are becoming ever more popular with hackers.
So, in summary –
“Old” is still very dangerous.
“New” will always be dangerous.
“Borrowed” is increasingly dangerous.
And “dangerous” – well that’s just downright dangerous.
Will Hogan | Vice President of Marketing and Sales | Idappcom
Will has been in the I.T. industry for over 31 years after initially training in Management Accountancy. He has held positions in general management, financial management, project management, sales management, channel management, marketing, systems analysis and application development. After working in IT Management with a large wholesale organisation he moved to the Netherlands to work in application development / consultancy and project management for three years. Following this he worked in software sales with SSA (a major US vendor of ERP) for 12 years and sat on the EMEA regional management board as General Manager of Channel Partners EMEA, after which he was the Managing Director of IDvelocity, a US Data Collection and Mobile Computing Software company. After living in the USA for three years working for Falk Companies, where he was Vice President of Sales & Marketing and Business Administration, he joined Idappcom.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.