With ready-made exploit kits and classes of vulnerabilities that date back to the 1990s at their disposal, hacker groups are finding easy pickings.
A string of breaches this year has cemented the notion that these attacks may not be fully preventable, but can be contained well enough to prevent a massive compromise, Derek Manky, senior security strategist at Fortinet, told a crowd of about 75 people Tuesday during a session at SC Congress Canada in Toronto.
“It's really inevitable that more of these attacks are going to occur,” he said. “A lot of these attacks are age-old.”
In most cases, the attackers are infiltrating corporate systems through relatively simple means: often SQL injection vulnerabilities (via the server side) or socially engineered emails (via the client side).
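To make the server-side vector concrete, here is an added example (not code from the article or from Fortinet) that builds a throwaway SQLite database with constructed sample rows and runs the same login query two ways: the vulnerable form that splices user input into the SQL string, and the parameterized form that keeps input as data. The table, rows and the `login_*` function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample rows for this example (not real accounts).
USERS = [
    ("alice", "s3cret-hash-1"),
    ("bob", "s3cret-hash-2"),
]


def make_db():
    """Create an in-memory users table populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: attacker-controlled strings become SQL syntax.

    A username of  ' OR '1'='1' --  turns the WHERE clause into
    username = '' OR '1'='1' -- ...   and comments out the password check.
    """
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    rows = conn.execute(sql).fetchall()
    return sorted(r[0] for r in rows)


def login_parameterized(conn, username, password):
    """Hardened: placeholders bind input as values; quotes and comments are inert."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    rows = conn.execute(sql, (username, password)).fetchall()
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    payload = "' OR '1'='1' --"
    print("vulnerable:", login_vulnerable(make_db(), payload, "x"))
    print("parameterized:", login_parameterized(make_db(), payload, "x"))
```

Run it and the vulnerable query returns every user for the injected username, while the parameterized query returns nothing for the same input and only matches when the real credentials are supplied. The fix is not escaping but binding: the database driver never treats the bound value as part of the statement.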
The attackers' end goal, Manky said, is to install keylogger malware that steals credentials, which are then used for further privilege escalation and deeper penetration of the network. The malicious code also connects back to a command-and-control infrastructure, to which stolen data is siphoned.
Organizations often fall victim because they fail to take basic precautions, such as properly encrypting passwords, blocking external channels so data can't leak out and blacklisting the sites on which the malware is hosted, Manky said.
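The call-back to command-and-control and the recommendation to blacklist malware-hosting sites both leave traces in outbound proxy logs. The following added example (not from the article or from Fortinet) runs two checks over constructed sample log lines: a lookup of destinations against a hypothetical blocklist, and a timing test that flags a client contacting the same host at evenly spaced intervals, the beacon pattern typical of C2 check-ins. The log format, host names and thresholds are assumptions for the illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log lines (not real traffic): time src dst bytes_out
LOG_LINES = """\
2011-06-14T09:00:00 10.0.0.5 cdn-node.example 512
2011-06-14T09:00:05 10.0.0.7 bad-host.example 2048
2011-06-14T09:01:00 10.0.0.5 cdn-node.example 510
2011-06-14T09:02:00 10.0.0.5 cdn-node.example 515
2011-06-14T09:03:00 10.0.0.5 cdn-node.example 509
2011-06-14T09:03:17 10.0.0.9 intranet.example 90000
2011-06-14T09:04:00 10.0.0.5 cdn-node.example 520
""".splitlines()

# Hypothetical blocklist of known malware-hosting / C2 domains.
BLOCKLIST = {"bad-host.example"}


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, bytes)."""
    ts, src, dst, nbytes = line.split()
    return datetime.fromisoformat(ts), src, dst, int(nbytes)


def blocklisted_hits(lines, blocklist=BLOCKLIST):
    """Return (src, dst) pairs where the destination is on the blocklist."""
    hits = []
    for line in lines:
        _, src, dst, _ = parse_line(line)
        if dst in blocklist:
            hits.append((src, dst))
    return hits


def beaconing_pairs(lines, min_events=4, max_jitter=0.1):
    """Flag (src, dst) pairs whose contacts are evenly spaced in time.

    A beacon is detected when a pair has at least min_events contacts and the
    spread of the gaps between them (pstdev / mean) is at most max_jitter.
    """
    times = defaultdict(list)
    for line in lines:
        ts, src, dst, _ = parse_line(line)
        times[(src, dst)].append(ts)
    flagged = []
    for pair, ts_list in times.items():
        if len(ts_list) < min_events:
            continue
        ts_list.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            flagged.append(pair)
    return flagged


if __name__ == "__main__":
    print("blocklisted:", blocklisted_hits(LOG_LINES))
    print("beaconing:", beaconing_pairs(LOG_LINES))
```

The blocklist check catches only hosts already known to be bad; the timing check is what surfaces an unknown C2 domain, but it also fires on legitimate periodic traffic such as software update checks, so its output is a triage queue rather than a verdict.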
Firms must improve their defensive posture, including taking advantage of Windows 7 security features such as DEP and ASLR, Manky said. They should also ensure employees are trained on the basics, including avoiding clicking on questionable links and documents, and verifying the sender before responding. Finally, companies should get a handle on the data they are housing and where it is stored.
In the end, damage control and visibility may be the best weapons, Manky said.
“There are a lot of layers in these attacks,” he said. “Stop it at one of those layers before it goes out the door.”