Zero-Day Attacks an Ongoing Menace

Zero-day exploits — the most difficult hack attacks to defend against —
are on the rise, according to the SANS Institute, a security research

Internet Explorer users continue to be subjected to zero-day attacks when they visit Web sites that are set up to exploit vulnerabilities in IE that
Microsoft hasn’t yet patched, SANS warned in an update to its annual “Top 20
Internet Security Vulnerabilities” report.

A zero-day vulnerability is a brand new security flaw that a software
vendor is either unaware of or is anxiously attempting to fix. An attacker
who manages to develop a method to exploit such a flaw has a potent covert
weapon, one that networks and IT staff cannot easily defend against.

Mac users and those who run alternative browsers also aren’t as safe
online as they might expect either, according to the update released Monday. SANS says its report represents a consensus opinion of leading security
experts on significant threats that are currently being widely exploited.

“I think the most surprising finding is that there is really a shift away
from exploits that target mainly Microsoft products,” said Dr. Johannes
Ullrich, chief technology officer at the SANS Internet Storm Center.
“Suddenly hackers are paying a lot of attention to Mac OSX and Firefox.”

Ullrich said that security flaws are also becoming more difficult to
defend against, as malicious hackers move to discover and exploit flaws well
before software companies can develop and release patches.

“Two years ago, 80 percent of what we had seen were well-known issues,
and now only 30 percent of attacks fall into well-known patterns,” he said.
“The rest are very different kinds of attacks. None of these attacks are
getting much attention so they stay at a pretty low level and can continue
to penetrate systems unrecognized.”

The update also noted that a decline in the number of critical
vulnerabilities affecting Windows services, and a rise in attacks that take
advantage of flaws in applications, particularly databases.

“Attackers are going directly after important data by finding and
exploiting vulnerabilities in software that stores and processes the data
(especially Oracle), software that backs-up the data (Backup products from
Symantec/Veritas) and data warehouses and other data collection and data
retrieval applications,” the report stated.

Ken Durham, director of the rapid response team at iDefense, a security
research firm based in Dulles, Virginia, said the SANS security threat
reports help raise awareness of security issues among businesses and users.

“SANS, in conjunction with other agencies evangelizing safe computing
practices, is helping to stamp out the low hanging fruit opportunities for
hackers today,” he said.

In addition SANS researchers saw what the report described as “a major
upsurge” in attacks using flaws in programs that process media files, such
as Apple QuickTime/iTunes, Windows Media Player, RealNetworks RealPlayer,
Macromedia Flash Player and Nullsoft Winamp.

The report also stated that “huge sums of money are being spent to sponsor
research to find more vulnerabilities faster.” SANS researchers believe that
spyware developers are focused on discovering zero-day vulnerabilities that
they can use to infect computers with unwanted adware that automatically
downloads and installs itself when users visit a malicious Web site.

“The most dangerous security threat of all is the love of money and how
it is driving fraud and crime in the online world,” said Durham. “Hacking is
not about getting your 15 minutes of fame anymore. Cybercrime is a
multi-million dollar global business.”

With attacks apparently coming from all directions, security experts
advise that users implement a layered defense.

“Any single defensive measure can be circumvented,” said Ullrich.
“Antivirus programs by themselves will not protect you because their
signatures will be out of date. You cannot avoid attacks by avoiding a
particular program like Explorer because an attack may target multiple programs. And you cannot rely on just a firewall because it may not block the
particular port you’re being attacked on.”

But fret not. Some security experts say that most attacks are

“In the real world, people are mostly getting hit because they are
surfing the net with an insecure (unpatched) version of Internet Explorer.
So that’s the most likely vector of an attack,” said Mikko Hypponen, Chief
Research Officer at F-Secure, a security services company based in Helsinki,

Hyppvnen said he was surprised that attacks against Macs ranked so high
on the SANS report.

“It’s an important issue, but the market share of Mac means that even the
worst Mac problems aren’t going to be really global issues.”

News Around the Web