Patch Before You Click
One of the methods that modern cyber criminals use to accomplish their objectives is with the stealthy use of computer “botnets.” A botnet is created when a number of Internet-connected computers become infected with malicious software that is designed to listen for commands from a cyber-criminal’s command and control center and then act on those orders. The infected computers become “zombies” and are used to steal information, send spam or disrupt legitimate Web services without the knowledge of the computer user.
Information security experts agree that botnets pose the largest threat to the Internet today. In June 2006, security software maker, Symantec, estimated that there were roughly 4.5 million computers worldwide under the control of a botnet. Today, experts peg that number in the hundreds of millions. Botnets are growing exponentially because they are money-making machines for their creators, commonly known as “botnet masters.” Most seem to utilize the zombie computers under their control to spew spam and propagate malware to other susceptible computers.
But that will not always be the case, as evidenced by these recent examples.
In late February 2010, the security firm Netwitness discovered that the “Kneber botnet” had compromised nearly 75,000 computers worldwide. Among them were many U.S.-based systems belonging to Fortune 500 companies, government agencies and others. The Kneber malware was specifically designed to steal sensitive information, and the attack has resulted in the theft of tens of thousands of login credentials for e-mail systems, social networks and banking sites. At the time of this writing, the botnet was still active and stealing private information from infected computers.
The Kneber botnet exploits a security flaw in several software applications that are found on a vast majority of Windows based computers, specifically Adobe Reader and Flash Player. Adobe has since released a patch that fixes the flaw, but IT professionals or end users need to take action to apply the security patch. Should they fail to install these updates, users’ computers will remain susceptible to infection and likely exploitation.
In mid-December 2009, sophisticated attackers targeted Google and at least 30 other high profile U.S. companies and exploited a previously unknown flaw in Microsoft’s Internet Explorer browser to compromise computers and steal information. Evidence indicates that the attack was conducted by a botnet controlled from China and some believe that the Chinese government was involved. Microsoft quickly released a patch to fix the flaw, but again, IT professionals and users need to take action to prevent computers under their control from becoming infected and compromised.
For IT professionals, these types of attacks are very difficult to defend against because of the human variable in the equation. Cyber criminals have obtained an impressive success rate of attacks against corporate networks by enticing employees to click on infected websites, e-mail attachments or advertisements purporting to clean up viruses. In some cases, cyber criminals will hijack legitimate website ads or purchase their own ads on popular websites in a practice known as “malvertising.” When an unsuspecting user clicks on the ad to get more information or a chance to win a free prize, they unwittingly download the malware.
Another method of infection is through drive-by downloads where a user simply visits an infected site or reads an infected e-mail and then the attacker exploits a security flaw to download and run their malicious code.
The important lesson to be learned here is this: The Internet is a very dangerous place, especially for computer systems that are out of date or running applications that are not fully patched, or users who are unaware of the dangers and behave carelessly.
We all need to understand that the threat landscape is constantly changing and malicious attackers are operating with increasing boldness and impunity. In order to defend against these attacks, we need to implement a comprehensive defense strategy for both computers and their human operators.
On the computer side, we need to put up multiple layers of defense that include the following:
• A properly configured and up-to-date network firewall.
• A properly configured Windows firewall or non-Microsoft software firewall on each computer.
• A process to ensure that all Microsoft and third party software patches are deployed with limited or no user intervention.
• Current antivirus software with virus definitions that are automatically updated daily and full system scans that are run weekly.
• A secure Web browser, such as IE8 or Firefox 3.6, with the latest security patches installed.
• A policy that requires users to operate with reduced system privileges in order to mitigate the damage should an infection occur.
On the human operator side of the equation, we need to raise awareness of potential security threats in the workplace through targeted employee education and ongoing reinforcement, with an emphasis on ongoing.
Ultimately, we need operators to be smart, aware and able to use extreme caution.
Please feel free to distribute this article to help achieve that goal within your organization. For further reading on this subject: Bing or Google “cyber security.”
| || |
Jeff Dettloff is the president and chief problem solver for Providence Consulting, a Microsoft Certified Gold Partner and one of Lansing’s leading providers of advanced network infrastructure and innovative technology solutions.