Media Center

Vulnerabilities, exploits, threats and beyond

  • 11 April 2016

    By Niranjan Acharya

    As businesses go digital, its dependency on information systems has increased exponentially, resulting in quick deployment of business systems and applications to support the ever-growing businesses. The software industry also has grown to cover the vast demand for automation, data management, information sharing etc. This has resulted in rapid application development, in turn, compromising security in the long run.

    Everyday hundreds of vulnerabilities are discovered only in the operating system software. Organizations use many off-the-shelf applications as well as custom developed applications to suit their business requirements. Software are often created rapidly and make it available to the businesses and masses, resulting in loop-holes that can be exploited.

    Where vulnerabilities are discovered, hackers, coders and organized crime syndicate work hard to create exploits and gain control over the systems and vital information. Where script kiddies hacked for fun, cyber crime has taken the game to a different dimension to make money.

    During the last few years, where technology has enhanced how we do business, it also elevated cyber crimes around the world, targeting social media, businesses and even minors. All this happens due to a mere software issue in our systems.

    Apart from individuals, businesses are at high risk as many businesses solely depend on information systems. Financial sectors and public services are often targeted by ransomware attacks. In the recent times, Middle-east has seen many cyber attacks, from defacement of websites, ATM scams and ransomware attacks has been on the rise.

    A new ransomware called “RANSOM_LOCKY.A” is been discovered by many security experts such as Palo Alto Networks, Trend Micro, to name a few. This ransomware spreads through a vulnerability in MS Office document, an application often used by business. 

    Researchers at Palo Alto Networks have recorded 446,000 sessions involving this new ransomware, over half of which (54%) were detected to have affected victims in the United States. Another Ransomware called Petya, encrypts the entire disc, modifies the Master File Table (MFT) and resides in the Master Boot Record (MBR), whether the system is powered-up or the disc taken out there is no way to access the valuable data that the business depends on. Cryptowall 3 is responsible for 406,887 attempted infections and accounts for approximately $325 million in damages since its discovery in January 2015.

    Besides having top-notch security solutions, businesses are still affected by malware attacks; due to few solutions offer end-to-end security. Organization must also adapt best practices in security management, one that offers a holistic view of the organization’s critical assets, its weaknesses, areas of concentration and appropriate knowledge transfer, to detect, report and react to security threats on day-to-day basis. Organizations must incorporate and merge processes including, Asset and risk management, continuous logging and monitoring, vulnerability and patch management, incident response, and proactive periodic maintenance that includes hardware and software maintenance at least every quarter.