Wednesday, 6 July 2011

Top Endpoint Security Stories for June 2011: Malware developers show just how efficient they’ve become

We’ve always known how tenacious hackers are, working around the clock to infiltrate corporate networks. In June, we found out just how efficient they are. Mutating malware that bypasses security updates within hours and unconventional cyber attacks on seemingly secure networks have prompted the need for stronger endpoint defenses. For many, whitelisting is the answer. Here are some of the top endpoint security stories for June 2011.

Hackers move quickly to evade the latest security updates

In June, we saw two examples of how quickly cyber criminals can adapt to change. Security updates to both Macs and Windows held hackers back only long enough for them to create new variants that allowed them to resume active attacks on the same fixed vulnerabilities a few hours later.
According to the article, “Apple’s malware detection update circumvented in 8 hours,” malware developers were able to rewrite code overnight to evade the latest Mac updates. In another incident, “Hackers move fast to exploit just-patched IE bug,” just three days after Microsoft patched 11 bugs in Internet Explorer, cyber criminals were exploiting one of the patched vulnerabilities.
With hackers working non-stop to develop new malware and malware variants that can bypass even the most recent updates and signatures, organizations need a solution that doesn’t place a band-aid on known vulnerabilities that criminals can peel off hours later. Security tools like application whitelisting meet that need by simply preventing the execution of all unauthorized applications.

Poor user updating practices creating unclosed security holes

While security patches have their own challenges keeping cyber criminals from returning to exploit known vulnerabilities (see above), a recent study by G Data SecurityLabs found that users certainly aren’t helping (which is not a surprise to any InfoSec pro).
According to the article “Malware Authors Relying on Poor User Updating Practices,” cyber criminals are taking advantage of users’ negligence around installing the latest security updates. As a result, hackers are targeting both current and older unclosed security holes, said Ralf Benzmüller, head of G Data SecurityLabs.
“Even though an enormous number of program updates are being provided, users should not be fooled into deactivating automatic update functions. Not only does this apply to Java, but it should also apply in general to all browser plug-ins used and all applications installed on the PC.”

Whitelisting a top strategy for combating modern malware attacks

As cyber criminals exploit any vulnerability they can to infect corporate networks, implementing security strategies that stop targeted attacks that quietly steal sensitive data is critical for combating modern day cyber threats.
The article, “Top five strategies for combating modern computer security threats,” outlines some techniques for preventing unauthorized and malicious software from exploiting a user’s laptop or computer. One of the recommended solutions is application whitelisting.
While there are valid concerns around preventing attacks like memory exploits and handling dynamic environments without impacting user and IT productivity, advancements in leading whitelisting solutions have resolved these issues to provide Total Application Control (TAC) that allows organizations to proactively defend their network endpoints from modern malware attacks.

A key goal of today’s cyber attacks: Establishing a “persistent point of presence”

Today’s cyber criminal is not your stereotypical crook who breaks in, steals the loot, and gets out as fast as he can. According to Gartner analyst John Pescatore, the goal behind many of today’s attacks is to surreptitiously establish a persistent point of presence inside a network and use that to snoop on and steal information.
“A common thread through many damaging incidents is targeted executables getting installed on critical servers or high value employee PCs.”
In the article, “Attacks on IMF, Lockheed and others highlight need for defenses against targeted attacks,” a recent rash of successful cyber attacks against supposedly secure organizations has prompted the need for enterprises to deploy stronger defenses to protect their networks against highly targeted and persistent threats. Using whitelisting products alongside other AV tools to automatically block any unapproved applications from running on a system is one way to defend endpoints against custom Trojans that have been seen in many recent attacks.
Thanks for reading this month’s recap on some of the security industry’s biggest stories. I encourage you to regularly stop by to read our blog. Your thoughts on these important stories are always welcome.

by JT Keating
