Attackers Step Away From Mainstream, Target Lesser-Known Apps

  /     /     /  
Publicated : 22/11/2024   Category : security


Attackers Step Away From Mainstream, Target Lesser-Known Apps


After beating up Microsoft, Oracle, and Adobe, hackers draw a bead on smaller software vendors



Microsoft has Patch Tuesday. Oracle and Adobe are on regular patch cycles, often issuing 10 or more patches at once. But many smaller vendors havent yet developed such rigorous patching processes -- and that might make them prime targets for new exploits, experts say.
After years of attacking popular Microsoft file formats, such as Word and Excel, attackers moved on to Adobes PDF and Flash formats. Today, more attacks are
focusing on Oracles Java
. As they became subject to more frequent attacks, software vendors strengthened their platforms to make them more difficult to assault.
But for the most part, smaller software vendors have not had to weather the scrutiny of cybercriminals and security researchers. And because of this lack of scrutiny, attackers are beginning to develop more targeted and sophisticated attacks that take advantage of flaws in less popular software that has not had as much rigorous security testing.
At some point, [attackers] are going to exhaust all the different file formats that they can exploit, says Mike Dausin, manager of advanced security intelligence for HP TippingPoints DVLabs. It was only .exes at first, and then it was screen savers, and on and on down the list. ... As the holes get plugged, [attackers] will likely move on to the more exotic formats.
The tactic is not unheard of among malware. In 2009, antivirus firms found that the Induc virus
used Delphi files
to build itself into programs and infect other systems. Around the same time, another piece of malware, Utax, used Virtual LISP to
infect AutoCAD files
. And, of course, one way that Stuxnet spreads is through the
industrial control file format Step 7
.
Focusing on the less scrutinized software means vulnerabilities will be easier to find, says Wolfgang Kandek, CTO for vulnerability management firm Qualys. For example, in April Microsoft
patched a buffer overflow
in the Windows Fax Cover Page Editor that could have allowed malicious code to run, Kandek says.
Its very simple to find vulnerabilities in software products that are not as popular, Kandek observes. As the software become less common, it becomes easier to find flaws.
However, targeting such applications requires good reconnaissance on the part of the attacker, says Daniel Guido, a security consultant with services firm iSec Partners. Attackers who know little about their targets will focus on software applications that are run everywhere. For that reason, Oracles Java will continue to be a popular target of attack toolkits, he says.
They want the most bang for their buck, Guido says. And it may be true that a certain software package has a million vulnerabilities, but if the target is not using it, it doesnt make sense for them to focus on that software.
At the SOURCE Boston conference in April, Guido
presented research
that more sophisticated, targeted attacks can be analyzed to inform defenders countermeasure against more run-of-the-mill attacks because mass attackers tend to borrow exploits from the more advanced threats.
Those guys are not investing in resources to develop their own exploits, he says. The trend in malware will exactly mimic the trend in APT [advanced persistent threats], so if you pay attention to one, by the very definition, you are paying attention to the other.
While defenders should focus on foiling attacks on Java and bad memory management, they also need to watch out for attacks on their less popular programs, says TippingPoints Dausin.
Keeping track of patch management of every application installed on your network is really what needs to happen, Dausin says. But, of course, it is hard to get there.
Have a comment on this story? Please click Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Attackers Step Away From Mainstream, Target Lesser-Known Apps