Internet Security Vulnerabilities at the Application Layer of the OSI Model
Though the implementation of IPv6 can somewhat increase the security of the lower layers of the OSI model, most actual hacking happens at the application layer.
We will talk about firewalls and intrusion detection systems in future articles, as well as ways to further secure your hosts with live response toolkits and forensic image toolkits that can help you identify possible kernel rootkits, etc.
Network reconnaissance is helpful if a hacker plans to attack a particular network. But in reality this approach is used less often today.
The main trend in internet security attacks for 2006-2007 is the “wholesale approach”.
That means no network, organization or individual serves as a specific target. Instead, the target is every machine that is exposed to certain vulnerabilities.
Another clearly visible trend is the combination of different techniques. In 2004-2005 an intruder would (mostly) use either an email with an embedded virus or worm, or an exploit that gave him direct access to the system; now intermediate hacks are more popular.
They are used to get initial access to the system and as a platform for backdoor downloads.
To facilitate the distribution of malicious code, a combination of several techniques and methods is used. Quite often, large spam networks are used for the initial distribution of the spam emails. To avoid current malware filters, usually no virus is embedded in the email. Instead, the reader is sent to a malicious URL, and that web-based URL is used for the automatic download of the exploit.
Such spam email campaigns can target over a billion email addresses, which ensures a large number of opened and clicked-through emails. The huge targeted audience ensures a large base of users infected with a new virus through such a spam attack.
So which applications are currently targeted most often?
According to the Symantec Internet Security Threat Report for the second half of 2006 (Volume 11), the most targeted group were web browsers and third-party web applications.
Among web browsers, IE holds the crown and accounts for 77% of web-browser-targeting attacks.
Another confirmation that direct attacks are increasingly being replaced by the “wholesale” approach is that home users are the targets in 93% of the latest attacks!
This is logical, since home users are the least educated group of computer users (as far as internet security is concerned) and can be tricked rather easily by the combination of spam and web-based URLs hosting payloads with a middle-level security threat.
In other words, they can easily be tricked into opening spam emails and downloading the malicious code, and thus get their computers infected.

