Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Old security holes bigger threat, says TrustWave

Concentrating on new threats is short sighted

Article comments

An overemphasis on tackling new and emerging security threats may be causing companies to overlook older but far more frequently exploited vulnerabilities, says a recent report.

The report, from TrustWave, is based on an analysis of data gathered from over 1900 penetration tests and over 200 data breach investigations conducted on behalf of clients such as American Express, MasterCard, Discover, Visa and several large retailers.

The analysis showed is that major global companies are employing "vulnerability chasers" and searching out the latest vulnerabilities and zero-day threats while overlooking the most common ones, the report said.

As a result, companies continue to be felled by old and supposedly well understood vulnerabilities rather than by newfangled attack tools and methods.

For instance, the top three ways hackers gained initial access to corporate networks in 2009 were via remote access applications, trusted internal network connections and SQL injection attacks, TrustWave found.

All three attacks points have been well researched and known about for several years. SQL injection vulnerabilities, for instance, have been known about for at least 10 years, but still continue to be widely prevalent in web-based, database-driven applications, TrustWave said.

The most common vulnerability that TrustWave discovered during its external network penetration tests had to do with the management interfaces for web application engines such as Websphere, and Cold Fusion. In many cases, the management interfaces were accessible directly from the Internet and had little or no password protection, potentially allowing attackers to deploy their own malicious applications on the web server.

Similarly unprotected network infrastructure components such as routers, switches and VPN concentrators represented the second most common vulnerability unearthed by TrustWave. The tendency by many companies to host internal applications on the same server that also hosts external content was another common vulnerability, as were misconfigured firewall rules, default or easy-to-guess passwords and DNS cache poisoning.

Meanwhile TrustWave's wireless penetration tests unearthed common weaknesses such as the continued use of WEP encryption, legacy 802.11 networks with minimal to no security controls and wireless clients using public "guest" networks instead of secured private networks.

In almost all of the cases, the most common vulnerabilities unearthed by TrustWave were common well understood issues that should have been addressed a long time ago said Nicholas Percoco, senior vice president at TrustWave's SpiderLabs research unit.

"There are basically two themes," Percoco said. "Through our study in 2009 we found some very old vulnerabilities present within enterprises, some as old as 20 to 30 years." The second theme is that attackers are targeting these old flaws to break into enterprises, then using increasingly sophisticated tools to harvest data from companies, he said.

In addition to older keystroke logging and packet sniffing tools, malicious attackers are increasingly employing tools such as memory parsers and credentialed malware to steal data, Percoco said. Memory parsers are used to monitor the random access memory associated with a certain process and to extract specific data from it. Credentialed malware programs are a new class of multi-user programs that have typically been used to steal money and payment card numbers from ATMs.

There are several measures companies can take to mitigate the risks posed by older and often overlooked vulnerabilities, TrustWave said. One step is to maintain a complete asset inventory. Many companies are often unaware of all the IT assets they own or of the risks they pose to data, so maintaining an up to date list of assets is vital to protecting them, TrustWave said.

Decommissioning older legacy systems as much as possible can also help mitigate the risk. Also, in 80% of the cases that TrustWave looked at, third-parties were responsible for introducing vulnerabilities. So monitoring third-party relationships is key according to the company. Other recommended measures included internal network segmentation, data encryption and stronger Wi-Fi security policies.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *