Business Protection from AntiVirus-Failure Caused Fraudulent Bank Transfer Losses
by Eirik Iverson, Product Management
Unlike consumers, businesses aren’t protected by the FDIC’s Regulation E, which requires banks to cover losses from fraudulent bank transfers caused by malware. Businesses that fail to plug both the known and unknown holes in their personal computers may not realize they’ve been compromised until months or even years later, at an average cost of $100,000s per incident (Washington Post, July 2009). Are businesses stuck in a hopeless cat-and-mouse game, or are there practical answers to the asymmetric warfare waged by today’s cybercriminals?
IT personnel and computer users understandably feel they can reduce risk by avoiding sordid websites, and large organizations even deploy content-filtering servers to block such sites. However, cybercriminals have been systematically compromising legitimate websites, quietly inserting attack code into their web pages or adding redirects that load content from malicious web servers without the visitor noticing.
According to stopbadware.org, cybercriminals have programmed the malware already implanted on PCs to look for the tools and files of webmasters. The malware either steals passwords from the FTP software webmasters commonly use to upload new web pages, or it quietly inserts lines of JavaScript into the web page files on the webmaster’s PC before they are uploaded to the web server. This explains why many websites were re-compromised again and again.
News organizations reported that tens of thousands of websites were being compromised per week in June 2009 (search keywords: Beladen, Gumblar). Websites continue to be compromised, and attackers keep improving the tricks they use to obfuscate their code. Ultimately, IT personnel must regard any web server as a potential threat that will expose an endpoint to a laundry list of zero-day attacks until one works, without the end-user noticing anything.
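As an added illustration of the injection mechanism described above (this is not code from the original post or from Blue Ridge Networks), the following Python check can be run on a webmaster’s PC before an FTP upload: it compares each file against a known-good hash manifest and flags `<script>` blocks that carry obfuscation markers or load from an unapproved host. The file names, hosts and sample pages are constructed placeholders.

```python
"""Pre-upload check for web page files on a webmaster's workstation (added example).
Two defensive signals for the local-file injection described above:
  1. integrity: the file's hash differs from the last known-good manifest;
  2. content: a <script> block carries obfuscation markers (eval/unescape/
     fromCharCode, long %xx-encoded runs) or loads from an unapproved host.
The pages and manifest below are constructed for this example."""
import hashlib
import re

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_RE = re.compile(r"""src\s*=\s*["']?\s*(?:https?:)?//([^/"'\s>]+)""", re.I)
OBFUSCATION_MARKERS = ("eval(", "unescape(", "fromCharCode")
ENCODED_RUN_RE = re.compile(r"(?:%[0-9a-fA-F]{2}){20,}")  # long %69%66%72... runs

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def suspicious_scripts(html: str, allowed_hosts: set[str]) -> list[str]:
    """One reason string per <script> block that looks injected."""
    reasons = []
    for attrs, body in SCRIPT_RE.findall(html):
        src = SRC_RE.search(attrs)
        if src and src.group(1).lower() not in allowed_hosts:
            reasons.append(f"external script from unapproved host {src.group(1)}")
        if any(m in body for m in OBFUSCATION_MARKERS) or ENCODED_RUN_RE.search(body):
            reasons.append("inline script with obfuscation markers")
    return reasons

def check_files(files: dict[str, bytes], manifest: dict[str, str],
                allowed_hosts: set[str]) -> dict[str, list[str]]:
    """files: path -> bytes about to be uploaded; manifest: path -> known-good sha256.
    A legitimately edited page also fails the hash check; that only forces a review,
    while the script heuristics say whether the change itself looks like an injection."""
    findings = {}
    for path, data in files.items():
        reasons = []
        if manifest.get(path) != sha256_hex(data):
            reasons.append("hash differs from known-good manifest")
        if path.lower().endswith((".html", ".htm", ".php")):
            reasons.extend(suspicious_scripts(data.decode("utf-8", "replace"), allowed_hosts))
        if reasons:
            findings[path] = reasons
    return findings

# Constructed sample: a clean page and the same page with an injected, obfuscated script.
CLEAN_PAGE = b"<html><body><h1>Hi</h1><script src='https://www.example.com/site.js'></script></body></html>"
INJECTED_PAGE = CLEAN_PAGE.replace(
    b"</body>", b"<script>eval(unescape('" + b"%61" * 25 + b"'))</script></body>")
KNOWN_GOOD = {"index.html": sha256_hex(CLEAN_PAGE)}
ALLOWED_HOSTS = {"www.example.com"}
```

Running `check_files` on the upload set right before the FTP client sends it turns a silent re-infection of the site into a file-level finding the webmaster has to clear first.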
Sometimes the malware that exploits programming mistakes in PC software is found in the wild before a vendor can release a patch, as was the case with the zero-day attacks on Internet Explorer and Firefox reported in July 2009. Other times malware strikes in the window between the time a vendor releases a patch and the time all users have installed it. Some organizations protect themselves by devoting considerable resources to implementing timely patches and workarounds (e.g., disabling or removing a vulnerable software component) but struggle with off-enterprise and/or powered-down computers. Others cannot even afford to try. But none can implement a patch or workaround for a vulnerability known only to cybercriminals.
Most businesses do not realize that their antivirus and antispyware tools are practically useless against zero-day attacks or re-crafted malware (i.e., malware whose signature has been altered to elude detection, which takes attackers minutes to produce and vendors days or weeks to counter). Those that do know this often consider successful attacks inevitable because the advanced protections from the big-name security vendors are impractical: such tools can theoretically stop zero-day attacks but are generally underutilized, if not disabled entirely, because they are too complex to configure and maintain and too disruptive.
EdgeGuard Solution: Protect, Control, and Audit Enterprise Computers
Blue Ridge / Secure EdgeGuard-protected computers have been safe from every zero-day attack in 2009 on Internet Explorer, Firefox, Adobe Acrobat, Microsoft Excel, Microsoft PowerPoint, Microsoft Word, Apple QuickTime, Apple iTunes, and other vulnerable applications found on enterprise computers (National Vulnerability Database).
EdgeGuard prevents the software it guards from being coerced into harming a PC or stealing data, without slowing the PC down, confusing end-users, generating false positives, or burdening desktop administrators with convoluted configuration and fine-tuning. EdgeGuard snuffs out drive-by download attacks far more easily than host intrusion prevention systems (HIPS), whitelisting, or other alternatives.
Additionally, EdgeGuard enables organizations to implement controls that continuously reduce the attack surface of enterprise computers, plug data leaks, decrease insider mistakes, quarantine at-risk PCs, enhance Microsoft Network Access Protection (NAP), and enforce policies that supersede an end-user’s local admin rights. IT personnel receive near real-time operational awareness over computers on and off the enterprise.
{Special thanks to Brian Krebs, Washington Post, for raising awareness and providing real-world examples regarding FDIC Regulation E and the risks to businesses from malware-caused fraudulent bank transfers.}