Zero-Day Exploit
On 26 April 2014 security vendor FireEye disclosed a zero-day vulnerability in Internet Explorer (IE). The exploit targeted defense and financial services companies running IE9 through IE11 and was found on a “very popular U.S. website.” The malicious code was removed from the website as soon as the host was notified; however, in Microsoft advisory #2963983, released the same day FireEye announced the discovery, Microsoft provided limited guidance and did not say when it would release a fix. Historically, fixes have shipped either ahead of, or on the day of, the regular monthly security updates (typically the second Tuesday of each month).
Until a patch was released, users’ options
Prior to the patch, the U.S. Computer Emergency Readiness Team (US-CERT) advised companies to use an alternative browser until a fix was available; for many companies, however, that was not an option, since their business applications depended on IE. The attackers discovered by FireEye took advantage of the fact that most people run their PCs with administrator rights, which gives the browser process full access to the system. An attacker who successfully exploited the vulnerability gained the same rights as the logged-on user, so a compromised administrator meant a compromised machine. Once inside, the attackers moved laterally within the PC or the network, looking for ways to escalate privileges and reach more data and systems.
Both the Microsoft advisory and the security update stated that, as a best practice, companies should grant administrative access only to people who need it to do their job.
Some experts recommend segmenting the corporate network to confine users to specific areas, which would also contain the damage done by an intruder. "Any organization that has properly segmented their network will be at low risk to sensitive data being accessed as a result of a breach related to this attack," stated Brandon Hoffman, vice president of cybersecurity at RedSeal Networks. Other experts say that employees often find ways around such restrictions, which then become avenues that cybercriminals can exploit. Ross Barrett, senior manager at Rapid7, stated, "You
1. Using least privilege can help protect your data and intellectual property. This is the concept of giving users the minimum permissions needed to perform a task, which in turn restricts access to certain applications: sales staff would not have the same access as the technical services team, and only administrators would have unlimited privileges. Administrator-level access should be limited to only two users (What Is Principle of Least Privilege (POLP)? Definition from WhatIs.com).
In today's society, businesses, organizations and governments are heavily dependent on computers and the Internet, so adequately protecting an organization's information assets is a necessity. Many organizations have deployed security software or devices, such as firewalls or intrusion detection systems, to help protect their information assets and to quickly identify potential attacks. The IBM Systems Journal states that "some organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to hack into their computer systems" (IBM 2001). This can be a good way to evaluate a system's vulnerabilities. However, in allowing a penetration test team to break into its systems, the organization faces some risks of its own. For example, the penetration test team may fail to identify significant vulnerabilities, or sensitive security information may be disclosed, increasing the risk that the organization becomes vulnerable to external attacks (The Canadian Institute of Chartered Accountants). Some organizations even send their system administrators to be trained in Ethical Hacking as a career course in Tertiary
Network security is a major issue for companies because of the sensitive information they handle. One of the easiest ways to secure a computer is to secure user accounts, and people need to understand that they should never give out their passwords to anyone. A technician may ask for a user name in order to reset a person's password, but the password itself should never be given out. Social engineering has been on the rise lately, with attackers calling and claiming to be an Internet helpdesk or some other kind of helpdesk. User authentication policies can be created to help improve network security, and there are many password policies that can be set and enforced by Windows 7 or by the network's domain services, which will help ensure the system is
Britain’s National Health Service was among the organizations that had not upgraded their systems to the most recent version (Carlin, 2017). Sometimes the IT departments of such organizations have valid reasons for delaying patch deployment, such as testing patches in a lab environment for conflicts before allowing them into production, but timing is critical. WannaCry demonstrated that many companies can be caught unaware because their mission-critical custom applications and configurations need to be checked for compatibility before patches are deployed (Shinder 2017). It was evident, however, that policymakers had to rethink how they balance the risk of waiting against the benefit of timely patching. Awareness of the potential risks and impact of cyber activity on computers and networks is essential in preventing ransomware. Campaigns stressing that employees should not click on links and attachments should be carried out. Phishing is one of the most common entry points for ransomware, since most end users are not aware of the potential dangers (Kansagra et al.,
Networks are vulnerable to any holes within their infrastructure. In fact, many may believe that they have the best security measures in place, but no system or network of any type is impenetrable (Trim & Lee, 2014). Risk assessments are essential so that corrective countermeasures can be applied and overall security enhanced (Broder & Tucker, 2011). Any company or organization should treat this as a top priority. A detailed risk assessment shows which policies are essential and how well the company complies with those specific policies (Broder & Tucker, 2011). Those who manage the budget and spending need measurable justification for all of the company’s spending. By having
As networks continue to grow along with industry, information security demands more and more attention. Security breaches are eroding the trust of patrons and costing many businesses revenue. Protecting an organization’s data is the responsibility of every user who accesses or maintains a network. Employees, usually those outside the IT team, require proper training and a sense of urgency to prevent attacks.
This type of exploitation of web browser technology poses a persistent vulnerability in network security, and for that reason it is important that employees do not become victims of such an attack. According to Will Dormann and Jason Rafail, “Not securing your web browser can lead quickly to a variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer” (2008). After this phase of the investigation was completed, the targets were interviewed for their input on why the penetration testers succeeded or failed in obtaining sensitive information.
External hacks can cost a business or government millions of dollars as well as vast amounts of personal data. What is less prevalent in the news is how often hackers use an insider’s credentials to gain access to a computer network. Equally troubling, some businesses disregard the likelihood of an attacker coming from within their own organization. Cybersecurity should begin internally; as the case of AT&T, “one of world 's largest communications companies” (AT&T Company Information - Key Facts, n.d.), shows, human beings tend to be the greatest security vulnerability in both public and private industry.
Administrator and user privileges should be limited in scope to prevent any one individual from performing unauthorized actions on the network. Currently, all administrators have full access to all system resources. These administrator
With respect to the threat of further cyber-attacks, the organisation could apply software patches as and when they become available, rather than periodically. One consequence of this would be increased downtime of clinical systems while patches are applied, which could affect patient care.
It may not be understood that the purpose of access controls is to prevent unauthorized access. Without clear instructions, the proper use of e-mail and web browsing may not
Strict adherence to the Access Request procedure must be exercised when IT gives any type of access to systems or data, including direct manager approval, business justification, standard role, justification for extra system or data access beyond standard role, and
Perform user reviews and ensure that elevated access is granted only to individuals who need it and have the knowledge to use it correctly. Do not grant permissions with a broad stroke: for example, if someone only needs to add accounts to a group, grant the “add to user group” permission on that group, not Domain Administrator.
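The two practices above (periodic review of who holds elevated access, and delegating a narrow right instead of Domain Admins membership, as the least-privilege point in item 1 also calls for) can be carried out with the Active Directory PowerShell module. The script below is an added example, not code from the original page; it assumes the RSAT ActiveDirectory module, a lab domain, and placeholder group names (`HelpDesk-ManagedUsers`, `HelpDesk-Operators`). The GUID used is the schemaIDGUID of the `member` attribute as documented by Microsoft, but the script shows how to confirm it against your own schema.

```powershell
# Added example (not from the original page). Assumes the RSAT ActiveDirectory
# module and a test domain; group names are placeholders.
Import-Module ActiveDirectory

# 1. User review: list every account that holds a given elevated group,
#    including members inherited through nested groups, with enough context
#    (enabled flag, last logon) to decide whether each one still needs it.
function Get-ElevatedMembers {
    param([string]$Group = 'Domain Admins')
    Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties LastLogonDate, Enabled |
        Select-Object SamAccountName, Enabled, LastLogonDate |
        Sort-Object LastLogonDate
}

# 2. Look up the schemaIDGUID of the 'member' attribute from the live schema
#    rather than trusting a hard-coded value.
function Get-MemberAttributeGuid {
    $schemaNc = (Get-ADRootDSE).schemaNamingContext
    $attr = Get-ADObject -SearchBase $schemaNc -LDAPFilter '(lDAPDisplayName=member)' `
                         -Properties schemaIDGUID
    [Guid]$attr.schemaIDGUID
}

# 3. Delegation: allow $Delegate to change the membership of $TargetGroup and
#    nothing else. The ACE is "WriteProperty" scoped to the 'member' attribute
#    on that one group object, which is the "add to user group" permission the
#    text recommends, rather than Domain Admins membership.
function Grant-GroupMembershipRight {
    param(
        [Parameter(Mandatory)][string]$TargetGroup,   # e.g. 'HelpDesk-ManagedUsers'
        [Parameter(Mandatory)][string]$Delegate       # e.g. 'HelpDesk-Operators'
    )
    $groupDn  = (Get-ADGroup -Identity $TargetGroup).DistinguishedName
    $delegate = Get-ADGroup -Identity $Delegate
    $sid      = [System.Security.Principal.SecurityIdentifier]$delegate.SID

    $memberGuid = Get-MemberAttributeGuid
    # Documented value for 'member' is bf9679c0-0de6-11d0-a285-00aa003049e2;
    # fail loudly if the schema lookup returns something else.
    if ($memberGuid -ne [Guid]'bf9679c0-0de6-11d0-a285-00aa003049e2') {
        throw "Unexpected schemaIDGUID for 'member': $memberGuid"
    }

    $acl  = Get-Acl -Path "AD:\$groupDn"
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $memberGuid
    )
    $acl.AddAccessRule($rule)
    Set-Acl -Path "AD:\$groupDn" -AclObject $acl
}

# 4. Verification: show exactly what $Delegate can now do on the group. The
#    expected result is a single WriteProperty ACE on the 'member' attribute.
function Show-GroupDelegation {
    param([string]$TargetGroup, [string]$Delegate)
    $groupDn = (Get-ADGroup -Identity $TargetGroup).DistinguishedName
    (Get-Acl -Path "AD:\$groupDn").Access |
        Where-Object { $_.IdentityReference -like "*\$Delegate" } |
        Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, AccessControlType
}

# Usage (placeholder names):
Get-ElevatedMembers -Group 'Domain Admins' | Format-Table
Grant-GroupMembershipRight -TargetGroup 'HelpDesk-ManagedUsers' -Delegate 'HelpDesk-Operators'
Show-GroupDelegation -TargetGroup 'HelpDesk-ManagedUsers' -Delegate 'HelpDesk-Operators'
```

Run the review step on a schedule and compare the output against an approved list from the Access Request procedure; any account that is disabled, has not logged on in months, or is not on the list is a candidate for removal. Note that the delegation targets a single group object: a help-desk operator granted this right can add or remove members of `HelpDesk-ManagedUsers` but cannot touch Domain Admins or any other group.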
When deployed strategically, Windows access control technologies can provide essential components of a broader set of policies and technologies that manage security risks effectively, enable compliance with regulations, protect business assets and intellectual property, and reduce the risk of liability. (csrc.nist.gov)
The section below examines the code that was changed by the initial patch in 2010 and explains why the function remained vulnerable. The function definition shown below is taken from CControlPanelFolder::GetUiObjectOf() in Shell32.dll. The diagram below shows the first block that was changed after the zero-day vulnerability was discovered.