Saturday, December 24, 2011

Hackers & Malware - Dangers Everywhere - Not Just Scare Tactics

Hackers and malware were busy this week at clients of REEF Solutions.

Good news first: we identified a serious denial of service vulnerability during a network infrastructure review for a financial firm. It was so bad that a simple command would reboot a core network device. That was a highlight of the review. And this was not even a security audit; I am sure it will only be worse.

Bad news now:
  • A client's system was infected with TDSS, one of the nasty [known] malware products (think encryption, p2p command and control, http/https tunneling, removal of competing malware, and MBR infection). Malware vendors even offer a Firefox plug-in to allow paying customers to surf via infected machines to provide anonymous cover. To summarize, TDSS is extremely dangerous. More technical details here. As of now, the only tool that can remove it, or most of it, is Kaspersky. Ideally, we should have wiped the system, but the client would not permit this.
  • A hacker attacked via RDP and compromised a system. We detected the compromise and took immediate action to isolate and remediate the attack. If we had not caught it quickly, this could have been a serious issue. The key is to have an Intrusion Detection System in place, even if it's just a firewall-based solution. You need to be aware of what is happening on your network. I recommend additional policies such as resetting all administrator passwords, not permitting "administrator" usernames, requiring 15+ character passwords, email alerting via a 3rd-party logging tool on administrator-level logins, and layered security products (firewall-based scanning, server-based, proxy-based, DNS scanning, etc.).
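As an added example (not code from this post or from REEF Solutions), here is the kind of administrator-level RDP login alerting the second bullet recommends, run over constructed Windows-style logon records. The line format, the field names, the IP addresses and the list of admin accounts are all assumptions for the demonstration.

```python
import re

# Constructed sample records modelled on Windows Security log fields
# (event 4624 = successful logon, 4625 = failed logon, logon type 10 =
# RemoteInteractive, i.e. RDP). One event per line, key=value pairs.
# These are made-up test lines, not real log data.
SAMPLE_EVENTS = """\
2011-12-20T02:11:05Z EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=10.0.0.15
2011-12-20T02:14:41Z EventID=4624 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.7
2011-12-20T02:15:02Z EventID=4624 LogonType=2 TargetUserName=backup-admin IpAddress=-
2011-12-20T02:16:30Z EventID=4624 LogonType=10 TargetUserName=backup-admin IpAddress=203.0.113.7
2011-12-20T02:20:00Z EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=198.51.100.9
"""

# Assumed: accounts that hold administrator-level rights on the host.
ADMIN_ACCOUNTS = {"administrator", "backup-admin"}
RDP_LOGON_TYPE = "10"
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Split one constructed event line into a dict of its fields."""
    timestamp, _, rest = line.partition(" ")
    fields = dict(FIELD_RE.findall(rest))
    fields["Timestamp"] = timestamp
    return fields


def rdp_admin_alerts(log_text):
    """Return alert strings for successful RDP logons by privileged accounts.

    Two of the post's recommendations are checked: alert on any RDP logon
    (type 10) by an administrator-level account, and flag any use of the
    literal "administrator" username, which the post says should not be
    permitted at all. Failed logons and non-RDP logon types are ignored.
    """
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev.get("EventID") != "4624" or ev.get("LogonType") != RDP_LOGON_TYPE:
            continue
        user = ev["TargetUserName"].lower()
        if user == "administrator":
            alerts.append(f"{ev['Timestamp']} forbidden 'administrator' RDP logon from {ev['IpAddress']}")
        elif user in ADMIN_ACCOUNTS:
            alerts.append(f"{ev['Timestamp']} admin-level RDP logon by {user} from {ev['IpAddress']}")
    return alerts


if __name__ == "__main__":
    for alert in rdp_admin_alerts(SAMPLE_EVENTS):
        print("ALERT:", alert)  # in production this is where the email alert would go
```

On the sample above only the two successful type-10 logons by privileged accounts produce alerts; the console logon and the failed attempt are deliberately left out so the alert stays high-signal.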

Sadly, malware and attackers are not sitting idly by. There are some real threats out there. Stay safe...

-Ben
