Hi, I'm Mitch. Today we're going to talk about vulnerabilities, exploits, spamming and phishing. First, let's talk about vulnerabilities and exploits. An attacker crafts an exploit that targets a software vulnerability causing the software to perform functions or execute code on behalf of the attacker. Vulnerabilities are routinely discovered in software at an alarming rate. Vulnerabilities may exist in software when the software is initially developed and released, or vulnerabilities may be inadvertently created or even reintroduced when subsequent version updates or security patches are installed. Security patches are developed by software vendors as quickly as possible after a vulnerability has been discovered in their software. However an attacker may learn of a vulnerability and begin exploiting it before the software vendor is aware of the vulnerability or has an opportunity to develop a patch. This is known as a zero-day threat or exploit. It may be months or years before a vulnerability's announced publicly. After security patch becomes available, it inevitably takes time for organizations to properly test and deploy the patch on all affected systems. During this time, a system running the vulnerable software is at risk of being exploited by an attacker. Exploits can be embedded in seemingly innocuous data files such as Microsoft Word documents, PDFs or Web pages, or they can target vulnerable network services. Exploits are particularly dangerous because they're often packaged in a legitimate files that do not trigger anti-malware or anti-virus software and are therefore not easily detected. Crafting an exploit data file is a two-step process. The first step is to embed a small piece of malicious code within the data file. However, the attacker still has to trick the application into running the malicious code. Thus, the second part of the exploit typically involves memory corruption. These memory corruption techniques allow the attacker's code to be inserted into the execution flow of the vulnerable software. Once that happens, legitimate applications such a document viewer or web browser will perform actions on behalf of the attacker such as establishing communication and providing the ability to upload additional malware to the target endpoint. Because the application being exploited is a legitimate application, traditional signature-based antivirus and white listing software have virtually no effectiveness against these attacks. Although there are many thousands of exploits, they all rely on a small set of core techniques that change in frequently. For example a HEAP spray is an attempt to insert attacker's code into multiple locations within the memory HEAP hoping that one of those locations will be called by the process and executed. Some attacks may involve more steps, some may involve fewer. But typically three to five core techniques must be used in order to exploit an application. Regardless of the attack or its complexity, in order for the attack to be successful, the attacker must execute a series of these core exploit techniques in sequence like navigating a maze to reach its objective. Spamming and phishing. The volume of spam email as a percentage of total global email traffic fluctuates widely from month to month, typically 45 to 75%. Although most end users today are more readily able to identify spam emails and are more savvy about not clicking on links, opening attachments or replying to spam emails, spam remains a popular and often effective attack vector for the spread of malware. Phishing attacks in contrast are becoming more sophisticated and difficult to identify. Spear phishing is a targeted phishing campaign that appears more credible to its victims by gathering specific information about the target, and thus has a higher probability of success. A spear phishing email may spoof an organization such as a financial institution or individual that the recipient actually knows and does business with, and may contain very specific information such as the recipient's first name rather than just an email address. Spear-phishing and phishing attacks in general are not always conducted via email. A link is all that is required such as a link on Facebook or a message board, or a shortened URL on Twitter. These methods are particularly effective in spear-phishing attacks because they allow the attacker to gather a great deal of information about the targets and then lure them through dangerous links into a place where the users feel comfortable. Thanks for joining me for this discussion on vulnerabilities, and exploits, and spamming and phishing.
