ENTERPRISE MALWARE – PART I

“FOR DECADES WE HAVE BEEN WORRIED ABOUT WMD: WEAPONS OF MASS DESTRUCTION. NOW IT’S TIME TO WORRY ABOUT A NEW TYPE OF WMD: WEAPONS OF MASS DISRUPTION” … John Mariotti

The rise in malware downloads in enterprise environments is alarming. During 2012, 43% of organizations had at least one user downloading malware at an average rate of at least once per day, and the remaining 57% saw a malware download every 2 to 24 hours. In 2013, about 58% of organizations reported a user downloading malware every two hours or less.

A clear view of the weaknesses in systems and applications is essential; defending against vulnerabilities therefore rests on two main measures:

  • Apply all patches the vendors have released for known vulnerabilities, so the flaw itself is corrected
  • Deploy Intrusion Prevention Systems (IPS) to detect, and optionally block, attempts to exploit known vulnerabilities
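The patching measure above only works if you know which hosts are still behind. As an added example (not part of the original post or of any vendor report), the script below turns that point into a routine check: it compares the versions installed on each host against the first release that fixes a known issue and reports the share of hosts running outdated software. The host inventory and the "fixed in" table are constructed sample data, not real advisory records; the product names and version numbers are assumptions chosen only to exercise the comparison logic.

```python
"""Patch-gap check over a software inventory.

Added example, not code from the original post. The inventory and the
FIXED_IN table are constructed sample data; they are not real advisories.
A host is considered exposed when it runs a version older than the first
release that fixes the known issue.
"""
from dataclasses import dataclass
import re

# Constructed "fixed in" table: product -> first version that closes the
# known issues. Hypothetical values, not taken from real advisories.
FIXED_IN = {
    "java": "1.7.0_51",
    "adobe-reader": "11.0.06",
    "flash-player": "12.0.0.44",
    "vlc": "2.1.3",
}


@dataclass
class Host:
    name: str
    software: dict  # product -> installed version string


def version_key(version):
    """Split a version string into a tuple that compares correctly.

    Numeric components are compared as integers, so "1.7.0_9" sorts below
    "1.7.0_51"; a plain string comparison would put "_9" above "_51" and
    silently hide an unpatched host. '.', '_' and '-' all separate components,
    and a missing trailing component ("1.7.0") sorts below "1.7.0_51".
    """
    key = []
    for part in re.split(r"[._-]", version):
        if part.isdigit():
            key.append((1, int(part), ""))
        else:
            key.append((0, 0, part))  # non-numeric tags sort before numbers
    return tuple(key)


def is_outdated(installed, fixed):
    """True when the installed version predates the fixing release."""
    return version_key(installed) < version_key(fixed)


def exposed_software(host, fixed_in=FIXED_IN):
    """Return {product: installed_version} for every outdated product on host.

    Products not present in the table produce no finding: absence of data
    is not the same as being patched, so they should be tracked separately.
    """
    return {
        product: installed
        for product, installed in host.software.items()
        if product in fixed_in and is_outdated(installed, fixed_in[product])
    }


def patch_gap_report(hosts, fixed_in=FIXED_IN):
    """Per-host findings plus the percentage of hosts with something outdated."""
    findings = {h.name: exposed_software(h, fixed_in) for h in hosts}
    outdated_hosts = sum(1 for f in findings.values() if f)
    pct = round(100.0 * outdated_hosts / len(hosts), 1) if hosts else 0.0
    return findings, pct


# Constructed inventory: six hosts with assumed installed versions.
SAMPLE_HOSTS = [
    Host("ws-01", {"java": "1.7.0_45", "adobe-reader": "11.0.06"}),
    Host("ws-02", {"java": "1.7.0_51", "flash-player": "12.0.0.44", "vlc": "2.1.3"}),
    Host("ws-03", {"java": "1.7.0_9", "vlc": "2.0.8"}),  # string compare would miss Java here
    Host("srv-01", {"java": "1.8.0"}),
    Host("srv-02", {"squid": "3.4.4"}),  # not in FIXED_IN -> no finding, tracked as unknown
    Host("ws-04", {"adobe-reader": "10.1.9"}),
]

if __name__ == "__main__":
    findings, pct = patch_gap_report(SAMPLE_HOSTS)
    for name, exposed in findings.items():
        status = ", ".join(f"{p} {v}" for p, v in exposed.items()) or "up to date"
        print(f"{name:8} {status}")
    print(f"{pct}% of hosts run outdated software")
```

The version parser is deliberately generic; real products use their own schemes (Java's update numbers, Adobe's four-part builds), so in production the comparison should be fed from the vendor's own ordering or from an advisory feed rather than from a hand-written table like the one above.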

Despite the growing bug-bounty programs that vendors offer for reported vulnerabilities, the high market value of genuine zero-day vulnerabilities leads researchers to sell them instead to “gray hat” government agencies (those that work with hackers to expand their cyber-defense capabilities) and to professional penetration-testing firms.

An even more lucrative underground market serves “black hat” hackers. Here the price of a previously unreported vulnerability varies with the target platform, from about $5,000 USD for Adobe Reader to $250,000 USD for Apple iOS. The availability of zero-days to anyone who can pay lets an organization launch advanced cyber attacks regardless of its own technical skill.


According to the CVE (Common Vulnerabilities and Exposures) database, Oracle again topped the list of vendors with the most reported vulnerabilities in 2013. Many of them were in Java products, which are widely used in both server and client applications, and that breadth of exposure makes them a prime opportunity for attackers.


ATTACKERS SEE BEYOND WINDOWS

As for targeted platforms, Windows remains the leader, with attacks seen in about 67% of organizations. The increase in attacks on Adobe (Reader / Flash Player) and VideoLAN (VLC media player) points to attacks aimed at end users, while the growing attention to infrastructure devices and platforms shows in the higher incidence of attacks on Squid (Internet proxy and cache), 3Com (switching and routing) and CA (identity and analytics).

NOTABLE FIGURES

  • 84% of organizations downloaded a malicious file
  • Every 60 seconds a host accesses a malicious site
  • Every 10 minutes a host downloads malware
  • 33% of hosts are not running up-to-date software versions

I hope this has been informative for you, and I’d like to thank you for reading… see you in part two.
