I very recently attended the RSA Conference along with my colleagues in San Francisco. Like my colleague Marco who shared some of his key takeaways from the conference, I was able to learn a lot from the presentations. Below are a few of the topics I found particularly interesting.
Adobe—Evaluating the World’s Most Exploited Software
I have been using Adobe software for a while now and have been able to analyze a number of PDF malware. As such, I naturally became interested in the session that promised to evaluate why Adobe products are currently the most exploited applications, even topping Internet Explorer (IE), Microsoft Office, Java, QuickTime, RealPlayer, to name a few.
So why Adobe? The .PDF file format has become an accepted standard, which people worldwide use. Cybercriminals know and are taking advantage of this fact. This can be likened to an archer releasing a single arrow and hitting several targets at once. The .PDF file format has also become very popular in targeted attacks since automation for obfuscation in exploit kits can now be easily done.
While Adobe has carried out considerable improvements in handling vulnerabilities, Roel Schouwenberg predicts that targeted attacks will continue leveraging .PDF files. As such, users must continue to be cautious when opening .PDF files, especially those that come from unknown senders. Users should also utilize built-in Adobe features that enable automatic updates. Considering alternative applications may also be a good idea.
Cybercrime Reborn: Not for the Faint of Heart
ZeuS is one of the most prevalent malware currently in the wild. This malware family has been a cause for concern because of its ability to target banks and to gather user credentials. More recently, however, another reason for alarm emerged—ZeusiLeaks.
Obviously inspired by the widely popular WikiLeaks issue, ZeusiLeaks poses even greater danger. ZeuS is a known stealer of user credentials, specifically bank account information. Just imagine the repercussions of having this kind of data available online for the entire worldwide Web to see.
Unfortunately, ZeuS has progressed to targeting not just banks but even the retail and corporate sectors. By using spear phishing to target specific individuals, ZeuS can easily steal information such as corporate documents and even security alarm codes. As Uri Rivner said in his presentation, unlike before when networks and applications were the primary targets, these days, cybercriminals are targeting individuals. The main attack vector has now become the employees themselves. Unfortunately, humans cannot be as easily patched as software or OSs. With the level of threats increasing just as the level of control decreases, the need to properly educate users becomes even more important. The challenge then for security experts is how to allow humans to actually do their business and to increase their functionality on one hand while ensuring security and protecting them from threats on the other.
Browsing Known Sites Is Safe—True or False?
Most users believe that the websites they have been visiting for some time will always remain safe. Unfortunately, even known sites can prove dangerous. The answer then to the question, “Is browsing known sites safe?,” is “False.”
In their presentation, Lukas Hasik and Jiri Sejtko explained the trust phenomenon wherein users placed their trust on known websites instead of relying on antivirus software. Unfortunately, this is not a foolproof motto to live by, considering that cybercriminals are constantly compromising websites to carry out their malicious schemes. Hackers are able to penetrate servers and to insert malicious codes such as iframe tags that execute payloads once users visit certain sites.
Over time, simple iframe tags have evolved as well. Cybercriminals now use complex obfuscation techniques to make more money. Because of this, users need to constantly exercise caution when visiting websites. More importantly, using reliable security software and keeping these up-to-date will help keep malicious websites at bay.