Antivirus vulnerability calls for a multi layered cybersecurity approach
At the beginning of the week, it was revealed that the antivirus engine (AVE) used in Symantec products contained a
critical vulnerability, making it an easy-to-exploit entry point into the system. This is the latest in a troubling
string of flaws uncovered in conventional IT security products. Unfortunately for antivirus software vendors, the
road seems to be heading downhill from here on. More and more enterprises and individual users alike are
realizing that the time has come to step up their cybersecurity game.
Discovered by Google security researchers, the Symantec vulnerability could have been easily exploited remotely
by potential attackers, enabling them to execute malicious code on the user's workstation. After preparing the attack,
all a hacker had to do was send an email containing a malicious file with in-built code to any random target.
This input, specially crafted to be processed by your system, triggers a vulnerability domino effect. The file
needn't be opened or executed by the user, since the AVE employs a driver that intercepts all incoming and outgoing file operations and scans them automatically.
Hope for the best and prepare for the worst
The vulnerability, rated 9.1 / 10 in the CVSS[1] by Symantec, does the most damage on Windows OS, since the
scan engine of the antivirus is loaded directly into the kernel. As long as its header points to a portable
executable file packed with ASPack (an advanced Win32 executable file compressor), the AVE will automatically
scan the file, unpacking it inside the region of highest privilege within an OS. What does this mean? Well,
obviously, parsing executable files with malformed headers cannot bring anything good. On the contrary, it can
only imply one thing: you are faced with a memory safety vulnerability and you are about to get acquainted
with the Blue Screen of Death (watch this video for a short history of the BSoD). Full system crash.
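The defect class described above is a parser trusting offsets and sizes read from an untrusted file header. The following is an added example, not code from the original article or from Symantec: a bounds-checked reader for the PE headers (DOS stub, COFF header, section table) written in Python for clarity, although a real scan engine would do this in C inside the driver. Every offset taken from the file is compared against the buffer length before it is used, which is exactly the check a malformed header is designed to exploit when it is missing. The `build_sample` helper constructs minimal PE-shaped buffers for testing; they are not real executables and the field values are invented.

```python
import struct

DOS_HEADER_LEN = 0x40          # e_lfanew (offset of the "PE\0\0" signature) lives at 0x3C
COFF_HEADER_FMT = "<HHIIIHH"   # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
                               # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
COFF_HEADER_LEN = 20
SECTION_FMT = "<8sIIII"        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
SECTION_LEN = 40               # full IMAGE_SECTION_HEADER size; we only unpack the first 24 bytes
MAX_SECTIONS = 96              # the Windows loader rejects images with more sections than this


def build_sample(e_lfanew=0x80, nsections=1, opt_size=0, raw_ptr=0x200, raw_size=0x10, total=0x400):
    """Constructed minimal PE-shaped buffer for testing (not a real executable)."""
    buf = bytearray(total)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    if e_lfanew + 4 + COFF_HEADER_LEN <= total:
        buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
        # 0x14C = IMAGE_FILE_MACHINE_I386; 0x102 = EXECUTABLE_IMAGE | 32BIT_MACHINE
        struct.pack_into(COFF_HEADER_FMT, buf, e_lfanew + 4, 0x14C, nsections, 0, 0, 0, opt_size, 0x102)
        sect = e_lfanew + 4 + COFF_HEADER_LEN + opt_size
        if nsections >= 1 and sect + SECTION_LEN <= total:
            struct.pack_into(SECTION_FMT, buf, sect, b".text\0\0\0", raw_size, 0x1000, raw_size, raw_ptr)
    return bytes(buf)


def validate_pe_header(data):
    """Return (ok, reason). Rejects any header whose offsets point outside the buffer."""
    size = len(data)
    if size < DOS_HEADER_LEN:
        return False, "shorter than a DOS header"
    if data[:2] != b"MZ":
        return False, "no MZ signature"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # The classic bug is reading data[e_lfanew:] without this check; in C the addition must
    # also be guarded against integer wrap-around (e.g. check e_lfanew > size - needed instead).
    if e_lfanew + 4 + COFF_HEADER_LEN > size:
        return False, f"e_lfanew 0x{e_lfanew:x} points outside the file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, "no PE signature at e_lfanew"
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        COFF_HEADER_FMT, data, e_lfanew + 4)
    if nsections > MAX_SECTIONS:
        return False, f"{nsections} sections exceeds loader limit"
    sect_table = e_lfanew + 4 + COFF_HEADER_LEN + opt_size
    if sect_table + nsections * SECTION_LEN > size:
        return False, "section table points outside the file"
    for i in range(nsections):
        _name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(
            SECTION_FMT, data, sect_table + i * SECTION_LEN)
        # Raw data range must lie inside the file before any unpacker touches it.
        if raw_ptr + raw_size > size:
            return False, f"section {i} raw data (0x{raw_ptr:x}+0x{raw_size:x}) outside the file"
    return True, "ok"


if __name__ == "__main__":
    for label, sample in [("well-formed", build_sample()),
                          ("e_lfanew past end", build_sample(e_lfanew=0x3F0)),
                          ("too many sections", build_sample(nsections=0xFFFF)),
                          ("section past end", build_sample(raw_ptr=0x3F8))]:
        print(f"{label:>18}: {validate_pe_header(sample)}")
```

The point of the example is the ordering: each value is validated against the buffer length before it is dereferenced, and nothing is unpacked on the strength of a field the file itself supplied. In a kernel-mode engine the same checks apply, with the extra care that offset-plus-size arithmetic on 32-bit fields can wrap.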
A patch to correct the flaw was issued almost immediately after its discovery. All is well that ends well, right?
Not exactly. This quick ‘fix’ doesn’t change the reality of things. The general public continues to live under the
impression that the cybersecurity threat landscape is immobile, something that doesn’t really affect us in the
here and now. By the time everyone is done updating their antivirus, new vulnerabilities are more than likely to
appear again.
The solution? Expect change. Time can render any solution obsolete and, in order to fight against these
unfavorable odds, we must ensure a consistent cyber-ecosystem around IT environments. Even up-to-date
antivirus tools are no longer enough against advanced attacks (as we've already covered in our previous article
on "How to cure yourself of antivirus side-effects"). That is why industry vendors should make it their
responsibility to aid businesses in adapting their strategy to a multi-layered cybersecurity approach.
Time to step up your cybersecurity game
Let's suppose for a moment that the Symantec AVE vulnerability had never been discovered last week.
Let's also suppose that those targeted had only basic security tools at their disposal. It wouldn't be a long shot to assume
that the number of related incidents would be plaguing the news by now.
Now let's replay the same scenario, only this time the target had the good sense to tap into behavior
analytics. A hacker infiltrates the system through this security flaw and then lets the malware do its thing. Would
the outcome be the same? Definitely not. This extra layer of protection bridges the intelligence gap that
antiviruses are confronted with, identifying the threat before it has reached the end of the kill-chain (at the
moment it tries contacting its C&C server).
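As an added illustration of the detection layer the paragraph describes (not code from the original article or from any vendor product), here is a small behavior-analytics check over outbound connection records: malware that phones home to a C&C server tends to do so on a fixed timer, so a host that contacts the same destination repeatedly at near-constant intervals stands out from ordinary browsing, which is bursty. The log lines, host name and addresses below are constructed for the example; the thresholds `min_connections` and `max_cv` are assumptions to be tuned per environment.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed outbound-connection log: "<timestamp> <source host> <dest ip:port>". Not from a real network.
SAMPLE_LOG = """\
2016-05-16T09:00:00 ws-017 203.0.113.9:443
2016-05-16T09:00:07 ws-017 198.51.100.20:80
2016-05-16T09:05:00 ws-017 203.0.113.9:443
2016-05-16T09:10:01 ws-017 203.0.113.9:443
2016-05-16T09:12:30 ws-017 198.51.100.44:443
2016-05-16T09:15:00 ws-017 203.0.113.9:443
2016-05-16T09:19:59 ws-017 203.0.113.9:443
2016-05-16T09:25:00 ws-017 203.0.113.9:443
2016-05-16T09:31:12 ws-017 198.51.100.20:80
"""


def parse_log(text):
    """Yield (timestamp, src, dst) tuples; malformed lines are skipped rather than crashing the detector."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1], parts[2]


def find_beacons(text, min_connections=4, max_cv=0.2):
    """Flag (src, dst) pairs whose inter-connection intervals are suspiciously regular.

    Regularity is measured as the coefficient of variation (stdev / mean) of the intervals;
    a timer-driven beacon sits near 0, human-driven traffic is far higher.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in parse_log(text):
        by_pair[(src, dst)].append(ts)

    findings = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue  # too few observations to say anything about periodicity
        stamps.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = sum(intervals) / len(intervals)
        if mean <= 0:
            continue  # all connections at the same second: a burst, not a beacon
        cv = statistics.pstdev(intervals) / mean
        if cv <= max_cv:
            findings[pair] = {"count": len(stamps), "mean_interval": mean, "cv": cv}
    return findings


if __name__ == "__main__":
    for (src, dst), info in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {info['count']} connections every ~{info['mean_interval']:.0f}s (cv={info['cv']:.3f})")
```

Run against the sample, the detector reports the single five-minute beacon to 203.0.113.9:443 and stays quiet about the two hosts contacted once or twice. In production the same logic would run over proxy or NetFlow records and feed a ticket or block rule, which is the "catch the hacker in the act" layer the article argues for.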
One of the main issues encountered when dealing with traditional network protection is the false sense of security
that tools such as antiviruses and firewalls create. The aim is to catch the hacker in the act, not just react in the
aftermath of a cyber-attack. By implementing multiple layers of security, based on continuous monitoring of
system vulnerabilities and behavior anomalies, enterprises of all sizes can improve their detection and response time
and gain broader and more in-depth insights.
[1] CVSS (Common Vulnerability Scoring System) is a free and open industry standard for assessing the
severity of computer system security vulnerabilities. CVSS assigns severity scores to vulnerabilities,
allowing responders to prioritize responses and resources according to threat. Scores are calculated using a
formula that depends on several metrics approximating the ease of exploitation and the impact of an exploit. Scores
range from 0 to 10, with 10 being the most severe.
Link:
https://www.reveelium.com/en/call-for-multilayer-cybersecurity/