
Keep these cyberthug holidays marked on your calendar

David Geer | Aug. 20, 2015
It’s no happy day for enterprises when cyber thugs celebrate their favorite ‘holidays’—special days when they attack with even more cunning and fervor. Learn these days and get ready to respond to related exploitations.


  1. Software Support Retirement / End of Support Day. This is the date when vendor support ends for an OS or software package. Unsupported software leaves enterprises open to attack: because the vendor will no longer issue general security patches, every new hole attackers uncover in it stays open.

To prepare for this day and defend the enterprise against such attacks, investigate the availability of extended support offered by the vendor at a premium. Weigh that cost against an investment in deploying the latest software product or version that replaces the older product. Either of these avenues is going to cost you.

If neither option will fit your budget, consider a refresh roadmap that includes well-supported open-source software for applications where the reward outweighs the risk. This software can be more affordable to update.

  2. Zero-Day. This is the day a new vulnerability is discovered and attackers unleash an exploit for it that same day, before the vendor has had time to prepare a patch. Until a patch arrives, the software remains flawed and open to attack, and zero-day vulnerabilities can stay unpatched for very long periods. “Zero-day attacks last between 19 days and 30 months, with a median of eight months and an average of approximately 10 months,” according to “Before We Knew It. An Empirical Study of Zero-Day Attacks in the Real World,” Symantec Research Labs, 2012.

Since zero-days can live so long without patches, patching is not an option while no patch exists. To defend the enterprise in those instances, be ready to discover and remediate attacks quickly and thoroughly. Companies that offer threat intelligence data points about potential indicators of compromise can arm network defenders with advance warning, says Margee Abrams, director of security solutions, Neustar. You should baseline, harden, and image endpoint devices so that you can immediately reimage them where anomalies appear outside that baseline, adds Abrams.
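The baseline-and-reimage advice above, as an added example that is not from the article or from Neustar: a golden-image baseline is a table of path to SHA-256, a later scan of the live endpoint is diffed against it, and the observed file hashes and network names are matched against an indicator feed. Every file, hash, domain and path here is constructed sample data; the verdict rule (drift alone means review, drift plus an indicator hit means reimage) is an assumption about policy, not something the article prescribes.

```python
"""Endpoint baseline drift check with IoC matching (added example, constructed data)."""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "golden image": the byte strings stand in for real binaries/configs.
GOLDEN_FILES = {
    "/usr/bin/sshd": b"sshd-binary-v1",
    "/etc/hosts": b"127.0.0.1 localhost\n",
    "/usr/bin/curl": b"curl-binary-v1",
}
BASELINE = {path: sha256_hex(data) for path, data in GOLDEN_FILES.items()}

# Constructed scan of the same endpoint some weeks later.
LIVE_FILES = {
    "/usr/bin/sshd": b"sshd-binary-v1",                                      # unchanged
    "/etc/hosts": b"127.0.0.1 localhost\n10.0.0.9 update.example-cdn.test\n",  # modified
    "/usr/bin/curl": b"curl-binary-v1",                                      # unchanged
    "/tmp/.x/loader": b"dropper-payload",                                    # not in the image
}

# Constructed threat-intel feed; the hash and domain are placeholders, not real indicators.
IOC_FEED = {
    "sha256": {sha256_hex(b"dropper-payload")},
    "domain": {"update.example-cdn.test"},
}


def diff_against_baseline(baseline, live):
    """Return (modified, added, missing) paths relative to the golden image."""
    live_hashes = {p: sha256_hex(d) for p, d in live.items()}
    modified = sorted(p for p in baseline if p in live_hashes and live_hashes[p] != baseline[p])
    added = sorted(p for p in live_hashes if p not in baseline)
    missing = sorted(p for p in baseline if p not in live_hashes)
    return modified, added, missing


def match_iocs(live, observed_domains, feed):
    """Match file hashes and observed network names (e.g. from DNS logs) against the feed."""
    hits = []
    for path, data in live.items():
        digest = sha256_hex(data)
        if digest in feed["sha256"]:
            hits.append(("sha256", path, digest))
    for name in observed_domains:
        if name.lower() in feed["domain"]:
            hits.append(("domain", name.lower(), name.lower()))
    return hits


def assess(baseline, live, observed_domains, feed):
    """Combine drift and indicator hits into one verdict (assumed policy, see lead-in)."""
    modified, added, missing = diff_against_baseline(baseline, live)
    hits = match_iocs(live, observed_domains, feed)
    if hits:
        verdict = "reimage"      # anomaly outside the baseline plus a known-bad indicator
    elif modified or added or missing:
        verdict = "review"       # drift could be a legitimate change; a human decides
    else:
        verdict = "clean"
    return {"verdict": verdict, "modified": modified, "added": added,
            "missing": missing, "iocs": hits}


if __name__ == "__main__":
    report = assess(BASELINE, LIVE_FILES, ["update.example-cdn.test"], IOC_FEED)
    for key, value in report.items():
        print(f"{key:9}: {value}")
```

In practice the baseline comes from the image you deploy, the live hashes from an agent or a boot-time integrity scan, and the feed from the intelligence providers the article mentions; the diff logic stays the same.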

  3. Patch Tuesday / IDA Pro Wednesday. By the day after Patch Tuesday, attackers have routinely reverse engineered those Microsoft patches using a tool called IDA Pro and then released exploits for the holes those patches close, says Jayson Street, Infosec Ranger, Pwnie Express.

To prepare for and defend against IDA Pro Wednesday, enterprises should use ample, layered attack mitigations such as network firewalls, IPS, and network segmentation as buffers until the organization can roll out the reverse-engineered patches across its systems, Street explains.
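Two of these dates can simply be computed and kept on the calendar. The following is an added example, not code from the article or from any company quoted in it, covering both the End of Support Day item above and the Patch Tuesday item here: it flags inventory items whose vendor support has ended or ends soon, works out the next Patch Tuesday (the second Tuesday of the month) and the Wednesday after it, and measures how long a host has been running without a released patch. The product names and end-of-support dates are constructed sample data; real dates come from each vendor's lifecycle page.

```python
"""Security-calendar helpers (added example; constructed sample inventory)."""
import calendar
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed inventory: product -> vendor end-of-support date (hypothetical values).
END_OF_SUPPORT = {
    "LegacyOS 7": "2015-01-14",     # support already ended
    "AppServer 4.2": "2015-10-01",  # ends within the warning window
    "Database 12": "2018-07-31",    # supported for years
}


def _to_date(value):
    """Accept a date or an ISO 'YYYY-MM-DD' string so the helpers can be driven from config."""
    return value if isinstance(value, date) else date.fromisoformat(value)


@dataclass(frozen=True)
class EosStatus:
    product: str
    eos: date
    days_left: int   # negative once support has ended
    status: str      # "unsupported", "ending-soon" or "supported"


def classify_eos(inventory, today, warn_days=90):
    """Classify each product by remaining vendor support, soonest expiry first."""
    today = _to_date(today)
    out = []
    for product, eos in sorted(inventory.items(), key=lambda kv: _to_date(kv[1])):
        eos = _to_date(eos)
        days_left = (eos - today).days
        if days_left < 0:
            status = "unsupported"
        elif days_left <= warn_days:
            status = "ending-soon"
        else:
            status = "supported"
        out.append(EosStatus(product, eos, days_left, status))
    return out


def patch_tuesday(year, month):
    """Second Tuesday of the month: Microsoft's regular security-update day."""
    first_weekday, _ = calendar.monthrange(year, month)   # Monday == 0
    first_tuesday = date(year, month, 1 + (calendar.TUESDAY - first_weekday) % 7)
    return first_tuesday + timedelta(days=7)


def next_patch_cycle(today):
    """Return (Patch Tuesday, the Wednesday after it) for the first cycle on or after today."""
    today = _to_date(today)
    year, month = today.year, today.month
    while True:
        pt = patch_tuesday(year, month)
        if pt >= today:
            return pt, pt + timedelta(days=1)
        month += 1
        if month > 12:
            year, month = year + 1, 1


def exposure_days(patch_release, last_patched, today):
    """Days a host has run without a released patch; 0 if patched on or after the release."""
    patch_release, last_patched, today = map(_to_date, (patch_release, last_patched, today))
    if last_patched >= patch_release:
        return 0
    return (today - patch_release).days


if __name__ == "__main__":
    today = "2015-08-20"   # the article's publication date
    for s in classify_eos(END_OF_SUPPORT, today):
        print(f"{s.product:14} EOS {s.eos}  {s.days_left:5d} days  {s.status}")
    pt, wed = next_patch_cycle(today)
    print(f"next Patch Tuesday {pt}; expect reverse-engineered exploits from {wed}")
    print("days exposed, host last patched 2015-07-14:",
          exposure_days("2015-08-11", "2015-07-14", today))
```

The 90-day warning window is an assumed default; set it to however long your procurement or migration cycle actually takes, since the article's point is that both replacement and extended support need budget lead time.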

  4. Data Dump Day. This is any day when attackers release stolen data online on anonymous text sharing or bulletin board sites such as Pastebin or 4chan. Dumps can include employee information, customer information such as credit card numbers and PII, intellectual property and trade secrets, and much more, says Demetrios Lazarikos, CISO, vArmour. If your enterprise is the target on Data Dump Day, you or your customers could suffer further attacks, financial losses, and/or embarrassment, which in the case of the enterprise could cause brand damage.
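When a dump appears, the first defensive question is whether it contains your data and of what kind. The following triage scanner is an added example, not from the article or from vArmour: it scans dump text for e-mail addresses in your own domains and for card-number-shaped digit runs that pass the Luhn check, and reports only counts and last-four digits so the report itself does not become a second leak. The dump text and the `corp.example` domain are constructed; 4111 1111 1111 1111 is the widely used test card number.

```python
"""Data-dump triage (added example; constructed sample dump)."""
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")

# Constructed dump: the "-1112" card and the 16-digit ticket number fail Luhn and are ignored.
SAMPLE_DUMP = """\
Employee export - corp.example
alice@corp.example, Alice Smith, 555-0100
bob@corp.example, Bob Jones, 555-0101
carol@othercorp.test, Carol Lee, 555-0102
card=4111 1111 1111 1111 exp=12/17
card=4111-1111-1111-1112 exp=01/18
ticket 1234567812345678 escalated
"""


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, subtract 9 if over 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0


def triage_dump(text, our_domains):
    """Summarise what in the dump belongs to us without copying the sensitive values."""
    ours = {d.lower() for d in our_domains}
    our_emails, foreign_emails = set(), 0
    for m in EMAIL_RE.finditer(text):
        if m.group(1).lower() in ours:
            our_emails.add(m.group(0).lower())
        else:
            foreign_emails += 1          # counted, not listed: not our data to handle
    card_last4 = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            card_last4.add(digits[-4:])  # enough to match against issuer records
    return {
        "our_emails": sorted(our_emails),
        "foreign_emails": foreign_emails,
        "cards_last4": sorted(card_last4),
        "affects_us": bool(our_emails or card_last4),
    }


if __name__ == "__main__":
    print(triage_dump(SAMPLE_DUMP, ["corp.example"]))
```

A Luhn-valid number is not proof of a real card (the check catches typos, not forgeries), so treat hits as leads for the card issuer and your incident team rather than as confirmed losses.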


Sign up for Computerworld eNewsletters.