In recent years, we have seen client-side software heavily targeted by attackers in search of vulnerabilities. 2011 saw these threats become more complex and sophisticated. Attackers increasingly used zero-day vulnerabilities, some of which were particularly critical. Examples include the vulnerability exploited by Duqu (CVE-2011-3402), a Java vulnerability (CVE-2011-3544), and several Adobe zero-day vulnerabilities that were exploited in the wild.

The exploit attacks we saw this year were targeted, original, sophisticated, and well controlled.

Among the applications most targeted in the wild were Adobe Acrobat, Reader, and Flash Player; the Java Runtime Environment (JRE) and Java Development Kit (JDK); and Internet Explorer. Exploit kits like Black Hole and Phoenix were quick to adopt exploits for these applications and went after users with high success rates. We also saw browser vendors release patches several times within the year to fix critical vulnerabilities.

Attacks were successful because a high percentage of users still ran unpatched versions of vulnerable software. According to a CSIS study, 37% of users still browse the web with insecure Java versions. A Zscaler survey also reported that 56% of enterprise users run vulnerable versions of Adobe products, putting the onus on security administrators to deploy virtual patching products such as Trend Micro Deep Security or the OfficeScan IDF plug-in.

Server Vulnerabilities

Having said that, there's an ugly side to server/OS vulnerabilities as well. Things largely remained the same in this space, as shown by the number of vulnerabilities reported for Windows Server 2008 and Red Hat.

[Chart of vulnerability counts not reproduced. Data source: CVE Details.]

Cybercriminals also exploited vulnerabilities in web applications. SQL injection attacks were used to compromise millions of web pages. In two separate mass SQL injection attacks, malicious scripts were inserted into legitimate websites. The first one, in July, hit 8 million websites. A second wave in October affected 1 million websites. Apart from SQL injection attacks, attacks exploiting cross-site scripting (XSS), cross-site request forgery, directory traversal, and other vulnerabilities in web applications (e.g., PHP, WordPress, Joomla) also occurred in large numbers and will continue to do so next year.
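The mass SQL injection and directory traversal attacks mentioned above succeed when a web application lets request input alter the structure of a query or a file path. The following is an added example (not code from the original post or from Trend Micro) showing the vulnerable pattern beside the hardened one: a lookup built by string concatenation against a lookup with a bound parameter, and a path check that rejects requests escaping the document root. The sample table, the input string and the base directory `/srv/www-sample` are all constructed for the example.

```python
import sqlite3
from pathlib import Path
from typing import List, Optional


def build_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny 'pages' table standing in for a CMS backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (slug TEXT, body TEXT, published INTEGER)")
    conn.executemany(
        "INSERT INTO pages VALUES (?, ?, ?)",
        [("home", "Welcome", 1), ("about", "About us", 1), ("draft-q3", "Unreleased draft", 0)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, slug: str) -> List[str]:
    """Vulnerable form: the request parameter is spliced into the SQL text, so a quote
    in the input ends the literal and the remainder is parsed as SQL, changing the WHERE clause."""
    sql = "SELECT slug FROM pages WHERE slug = '" + slug + "' AND published = 1"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, slug: str) -> List[str]:
    """Hardened form: the value is bound as a parameter; the database driver never
    interprets it as SQL, whatever characters it contains."""
    sql = "SELECT slug FROM pages WHERE slug = ? AND published = 1"
    return [row[0] for row in conn.execute(sql, (slug,))]


def resolve_under(base: str, user_path: str) -> Optional[Path]:
    """Directory traversal guard: resolve the requested path and accept it only if it
    still lies inside the document root (the base directory is hypothetical, supplied by the caller)."""
    base_dir = Path(base).resolve()
    candidate = (base_dir / user_path).resolve()  # an absolute user_path replaces base and fails the check
    if candidate == base_dir or base_dir in candidate.parents:
        return candidate
    return None


if __name__ == "__main__":
    db = build_db()
    crafted = "x' OR 'a'='a"  # constructed input; as a literal slug it should match nothing
    print("vulnerable:   ", lookup_vulnerable(db, crafted))     # unintended rows come back
    print("parameterized:", lookup_parameterized(db, crafted))  # []
    print("traversal:    ", resolve_under("/srv/www-sample", "../../etc/passwd"))  # None
```

The vulnerable lookup returns every published page for the crafted input because the quote terminates the string literal and the rest is parsed as part of the condition; the parameterized lookup returns nothing, since the whole input is compared as a value. Virtual patching and web application firewalls can block known injection patterns at the edge, but the parameterized form removes the defect itself.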

Some of the 2011 vulnerabilities worth mentioning are:

CVE-2011-0609 Adobe Flash Player 'SWF' File Remote Memory Corruption Vulnerability
CVE-2011-3402 Win32k TrueType Font Parsing Vulnerability
CVE-2011-3544 Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
CVE-2011-2462 Adobe Acrobat and Reader U3D Memory Corruption Vulnerability
CVE-2011-0611 Adobe Flash Player 'SWF' File Remote Memory Corruption Vulnerability
CVE-2011-3192 Apache httpd Range Header Remote Denial of Service
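The last entry in the list, CVE-2011-3192, was triggered by a single HTTP request whose Range header asked for a very large number of overlapping byte ranges, which drove the server's memory use up. The check below is an added example (not code from the original post, from Trend Micro or from the Apache project) of the kind of detection a defender can run over request logs or in a filtering layer: it parses the header, flags requests with more ranges than a threshold or with explicit ranges that overlap, and scans a few constructed log lines. The threshold `MAX_RANGES` and the log format that records the Range header are assumptions for this example.

```python
import re
from typing import List, Optional, Tuple

# Assumed threshold for this example; real download clients request one or a few ranges,
# so a header carrying more than a handful is worth flagging.
MAX_RANGES = 5

ByteRange = Tuple[Optional[int], Optional[int]]


def parse_byte_ranges(header: str) -> Optional[List[ByteRange]]:
    """Parse a Range header value such as 'bytes=0-99,200-' into (start, end) pairs,
    with None for an open end (e.g. '200-' or '-500'). Returns None when the value is
    not a well-formed byte-range set."""
    m = re.fullmatch(r"\s*bytes=(.*)", header)
    if not m:
        return None
    ranges: List[ByteRange] = []
    for spec in m.group(1).split(","):
        spec = spec.strip()
        rm = re.fullmatch(r"(\d*)-(\d*)", spec)
        if not rm or spec == "-":
            return None
        start = int(rm.group(1)) if rm.group(1) else None
        end = int(rm.group(2)) if rm.group(2) else None
        ranges.append((start, end))
    return ranges


def is_abusive_range(header: str, max_ranges: int = MAX_RANGES) -> bool:
    """Flag a Range header that asks for too many ranges, or for explicit ranges that
    overlap one another; both are hallmarks of the resource-exhaustion pattern."""
    ranges = parse_byte_ranges(header)
    if ranges is None:
        return False  # malformed or non-byte units: leave to the server's normal handling
    if len(ranges) > max_ranges:
        return True
    explicit = sorted((s, e) for s, e in ranges if s is not None and e is not None)
    for (_, prev_end), (next_start, _) in zip(explicit, explicit[1:]):
        if next_start <= prev_end:
            return True
    return False


# Constructed log lines in a hypothetical format that records the Range header:
# <client> <method> <path> "<Range value, or - when the header is absent>"
SAMPLE_LOG = [
    '203.0.113.5 GET /index.html "bytes=0-499"',
    '203.0.113.9 GET /big.iso "bytes=0-,0-1,0-2,0-3,0-4,0-5,0-6"',
    '198.51.100.2 GET /style.css "-"',
    '203.0.113.7 GET /video.mp4 "bytes=0-1000,500-1500"',
]

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)"$')


def scan_log(lines: List[str]) -> List[str]:
    """Return the clients whose requests carried an abusive Range header."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group(4) == "-":
            continue
        if is_abusive_range(m.group(4)):
            flagged.append(m.group(1))
    return flagged


if __name__ == "__main__":
    print("flagged clients:", scan_log(SAMPLE_LOG))  # ['203.0.113.9', '203.0.113.7']
```

Applying the patched httpd remains the fix; a check like this is the virtual-patching counterpart the article recommends for the window before the patch is rolled out, and the same logic can drive an edge rule that strips or rejects the offending header.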

What Can Users Do?

To protect against attacks exploiting the above-mentioned and similar vulnerabilities, a good patch management strategy is required. To limit damage during the window between a vulnerability's disclosure and the rollout of its patch, a virtual patching solution should be deployed as well.

The trends that we saw in 2011 are going to continue in 2012. We will see attacks become more complicated. The defenses against these threats will have to evolve and adjust to keep users protected in 2012.


© Copyright 2013 Trend Micro Inc. All rights reserved.