Internet and online security professionals deal with hacking and cracking activity on a daily basis. With new technologies emerging every day, new security challenges arise and new vulnerabilities become available that allow black hat hackers to create and execute new scripts that can cause serious problems for whole networks. Our mission is to let you know about the latest scams and to warn you about new exploits that can have a severe impact on your online business.
21st August 2007

Internet Security Vulnerabilities at the Application Layer of the OSI Model

Though the implementation of IPv6 can somewhat increase the security of the lower layers of the OSI model, most actual hacking happens at the application layer of the model.

We will talk about firewalls and intrusion detection systems in future articles, as well as ways to further secure your hosts with live response toolkits and forensic image toolkits that can help you identify possible kernel rootkits, etc.

Network reconnaissance is helpful if a hacker plans to attack a particular network. But in reality this approach is used less often today.

The main trend of internet security attacks for 2006-2007 is to use a “wholesale approach”.

That means no network, organization or individual serves as a specific target. Instead, the target is every machine that is exposed to certain vulnerabilities.

Another clearly visible trend is the combination of different techniques. Whereas in 2004-2005 an intruder would (mostly) use either an email with an embedded virus or worm, or an exploit that would give him direct access to the system, intermediate hacks are now more popular.

They are used to get initial access to the system and as a platform for backdoor downloads.

To facilitate the distribution of malicious code, a combination of several techniques and methods is used. Quite often large are utilized for the initial distribution of the spam emails. In order to avoid current malware filters, no virus is usually embedded in the email. Instead, the reader is sent to a malicious URL. The web-based URL is used for automatic download of the exploit.
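The filter gap described above, as an added example that is not part of the original article: a Python mail triage showing that a check based only on attachments passes a link-only message, while extracting the linked hosts gives a gateway something to evaluate. The sample messages, the `cards.example.test` host, the extension blocklist and the `build`/`triage` helpers are all constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
RISKY_EXT = (".exe", ".scr", ".pif", ".com")  # assumed blocklist for the example

def build(body, attachment=None):
    """Construct a sample message (constructed data, not a real capture)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"\x00", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_string()

ATTACHMENT_MAIL = build("See the attached file.\n", attachment="invoice.exe")
LINK_ONLY_MAIL = build("Your e-card is waiting: http://cards.example.test/view?id=1\n")

def triage(raw):
    """Report what an attachment filter sees versus what the body links to."""
    msg = message_from_string(raw)
    files = [p.get_filename() for p in msg.walk() if p.get_filename()]
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # only text parts can carry clickable links
        data = part.get_payload(decode=True) or b""
        text = data.decode(part.get_content_charset() or "utf-8", "replace")
        urls += URL_RE.findall(text)
    return {
        # Classic check: block on risky attachment extensions.
        "attachment_filter_hit": any(f.lower().endswith(RISKY_EXT) for f in files),
        # The pattern from the article: nothing attached, payload behind a link.
        "link_only": not files and bool(urls),
        # Hosts a gateway would hand to a URL reputation check (not implemented here).
        "hosts": sorted({urlsplit(u).hostname for u in urls}),
    }

if __name__ == "__main__":
    for name, raw in (("attachment", ATTACHMENT_MAIL), ("link-only", LINK_ONLY_MAIL)):
        print(name, triage(raw))
```
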

Such spam email campaigns can target over a billion email addresses, thus ensuring a large number of opened and clicked-through emails. A huge targeted audience ensures a large base for the of users infected with a new virus through such a spam attack.

So what applications are currently targeted most often?
According to the Symantec Internet Security Threat Report for the second half of 2006 (Volume 11), the most frequently targeted groups were web browsers and third-party web applications.

Among web browsers, IE holds the crown and accounts for 77% of web-browser-targeting attacks.

Another confirmation that direct attacks are more often replaced by the “wholesale” approach comes from the fact that home users are the targets in 93% of the latest attacks!

This is logical, since home users are the least educated group of computer users (as far as internet security is concerned) and can be rather easily tricked by the combination of spam and web-hosted URLs serving payloads with a middle level of security threat.

In other words, they can be easily tricked into opening spam emails and downloading the malicious code, and thus get their computers infected.
