“Flame, like all malware, exploits vulnerabilities in enterprise systems, processes and people, and a broad and highly experienced talent pool with varied motivations is at work producing powerful targeted malware,” stated John Pescatore, vice president, distinguished analyst with Gartner in a recent report. “Use ‘whitelisting’ approaches for critical servers whenever possible” he added.
Opinions have been divided about how sophisticated or novel Flame is in the security research community. According to Bit9, Flame contains components with the most sophistication of anything discovered in the wild to date - by a long shot.
Bit9's latest blog post contains some more analysis of why Flame succeeded and how it spoofed Microsoft's update mechanism to spread...
Windows systems periodically request OS updates from Microsoft. Most often these updates address security concerns, sometimes serious software vulnerabilities. The system to be updated uses PKI certification validation in order to determine the authenticity and origination of the updates. After all, these requests have to go over the big bad Internet, and there’s no telling who might try to pretend to be Microsoft and push down Trojans. This certificate-validation business has long been considered highly secure (not perfectly secure, just highly secure), and it has remained completely unimpaired… until now.
Bit9 resource on stopping advanced persistent attacks such as Flame by taking a more proactive security stance using trust-based application control and whitelisting.
No comments:
Post a Comment
Comments are welcomed (will be moderated)