How Attackers Bypass Security: Report

Monday, June 9, 2014 @ 11:06 AM gHale


Attackers are exploiting commonly-used business applications to bypass security controls, a new report said.

Common sharing applications such as email, social media, and video remain the attack vehicles of choice for cybercriminals, but are often only the start of multi-phased attacks rather than the focus of threat activity, according to Palo Alto Networks’ Application Usage and Threat Report.


The report found that 34 percent of the 2,100 applications observed use SSL encryption. As a result, network administrators often do not know which applications on their networks run unpatched versions of OpenSSL, which can leave them exposed to vulnerabilities such as Heartbleed.

In addition, Palo Alto Networks found that 99 percent of all malware logs were generated by a single threat using UDP; attackers also use applications such as FTP, RDP, SSL, and NetBIOS to mask their activities.

It is one thing to point out weaknesses, but it is another to offer ways to correct them. Palo Alto Networks said areas enterprises could improve include:
• Deploy a balanced safe enablement policy for common sharing applications. The way to ensure success is to document the policies, educate users, and update the policy periodically.
• Control unknown traffic. Every network has some unknown traffic; it is small, averaging 10 percent of bandwidth, researchers said, but it is high risk and it can be controlled. Controlling unknown UDP/TCP will cut out a significant volume of malware.
• Determine which applications use SSL and selectively decrypt them. Selective decryption, in conjunction with enablement policies, can help businesses uncover and eliminate potential hiding places for cyber threats.
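The two measurable recommendations above, controlling unknown UDP/TCP traffic and identifying SSL-using applications for selective decryption, both start with the same question: what share of the network's traffic falls into each bucket, and which destinations carry it? The script below is an added example, not code from the report or from Palo Alto Networks. It reads a constructed, comma-separated traffic log (the field layout app,proto,bytes,dst is an assumption for this example, not a vendor log schema), computes the unknown-traffic share against the report's 10 percent average, ranks the destinations an administrator would review before writing a control rule, and lists the SSL-carrying destinations that are candidates for selective decryption.

```python
"""Summarise a firewall traffic log for the two checks the report recommends:
the share of unknown-TCP/UDP traffic, and where SSL traffic is going.

Added example; the log format and field names are constructed assumptions.
"""
from collections import defaultdict

# Constructed sample log lines: app,proto,bytes,dst (not real traffic).
# 'unknown-udp' / 'unknown-tcp' are the labels a firewall gives traffic it
# cannot identify; 'ssl' is traffic it sees only as encrypted (assumptions).
SAMPLE_LOG = """\
web-browsing,tcp,52000,198.51.100.10
ssl,tcp,310000,198.51.100.20
smtp,tcp,8000,203.0.113.5
unknown-udp,udp,45000,203.0.113.77
unknown-tcp,tcp,15000,203.0.113.78
ftp,tcp,20000,198.51.100.30
rdp,tcp,60000,198.51.100.40
ssl,tcp,90000,198.51.100.21
unknown-udp,udp,30000,203.0.113.77
"""

UNKNOWN_PREFIX = "unknown-"   # assumed label prefix for unidentified traffic
SSL_APPS = {"ssl"}            # assumed label for traffic seen only as SSL
REPORT_AVERAGE_UNKNOWN = 0.10  # the 10 percent average quoted in the report


def parse_log(text):
    """Parse the constructed log into a list of dicts with an int byte count."""
    records = []
    for line in text.strip().splitlines():
        app, proto, nbytes, dst = line.split(",")
        records.append({"app": app, "proto": proto, "bytes": int(nbytes), "dst": dst})
    return records


def bytes_by_app(records):
    """Total bytes per application label."""
    totals = defaultdict(int)
    for r in records:
        totals[r["app"]] += r["bytes"]
    return dict(totals)


def _share(records, predicate):
    total = sum(r["bytes"] for r in records)
    matched = sum(r["bytes"] for r in records if predicate(r))
    return matched / total if total else 0.0


def unknown_share(records):
    """Fraction of bytes the firewall could not identify (unknown-tcp/udp)."""
    return _share(records, lambda r: r["app"].startswith(UNKNOWN_PREFIX))


def ssl_share(records):
    """Fraction of bytes carried by SSL-only applications, i.e. traffic that
    is invisible to inspection unless it is selectively decrypted."""
    return _share(records, lambda r: r["app"] in SSL_APPS)


def destinations_for(records, predicate):
    """Destinations matching the predicate, ranked by bytes; this is the list
    an administrator reviews before writing a block or decrypt rule."""
    per_dst = defaultdict(int)
    for r in records:
        if predicate(r):
            per_dst[r["dst"]] += r["bytes"]
    return sorted(per_dst.items(), key=lambda kv: kv[1], reverse=True)


def report(text):
    """Build the summary a defender would act on from one log extract."""
    records = parse_log(text)
    share = unknown_share(records)
    return {
        "unknown_share": share,
        # Flag networks whose unknown traffic is above the report's average.
        "unknown_exceeds_average": share > REPORT_AVERAGE_UNKNOWN,
        "unknown_destinations": destinations_for(
            records, lambda r: r["app"].startswith(UNKNOWN_PREFIX)),
        "ssl_share": ssl_share(records),
        "ssl_decrypt_candidates": destinations_for(
            records, lambda r: r["app"] in SSL_APPS),
    }


if __name__ == "__main__":
    summary = report(SAMPLE_LOG)
    print(f"unknown traffic: {summary['unknown_share']:.1%} "
          f"(above report average: {summary['unknown_exceeds_average']})")
    for dst, nbytes in summary["unknown_destinations"]:
        print(f"  review unknown traffic to {dst}: {nbytes} bytes")
    print(f"ssl traffic: {summary['ssl_share']:.1%}")
    for dst, nbytes in summary["ssl_decrypt_candidates"]:
        print(f"  selective-decrypt candidate {dst}: {nbytes} bytes")
```

On the constructed sample the unknown share comes out at about 14 percent, above the report's 10 percent average, with one destination (203.0.113.77) carrying most of it; that destination, not the whole protocol, is what a targeted control rule would address. The SSL list is the starting point for a selective decryption policy: decrypt the destinations where inspection is needed and leave the rest under the enablement policy.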

The Application Usage and Threat Report is based on raw data from activity on enterprise networks, not on a user survey. The data comes from evaluation units of the company's firewalls deployed at prospective customer locations. This most recent report was based on analysis of traffic data collected from 5,500 network assessments and billions of threat logs over a 12-month span between March 2013 and March 2014, the company said.

