Endpoint Protection

Another Microsoft vulerability is exposed in a bulletin by Microsoft dated the 16th July 2010.  Microsoft Windows is prone to a vulnerability that allows a file to automatically run when a folder is viewed in Windows Explorer. This vulnerability is being exploited by W32.Temphid to ensure that malicious code executes when an infected USB drive is inserted into a computer. While current attacks involve executing files from USB drives locally connected to targeted computers, attackers may also exploit this issue by setting up remote network or WebDAV shares and enticing a user to visit them. This possibility presents a remote threat to affected users. Microsoft published an advisory describing a workaround for this issue.

Be aware that as this exposure will be exploited with other methods of attach

The Information Commisioners Office (ICO) or the privacy watchdog has published figures on data breaches that makes disturbing reading. What’s more is that the ICO  is getting so concerned that it will be introducing fines on comapnies and public bodies that recklessly or deliberately break the rules. Fines up to half a million may be imposed on losses of information. In total, 434 organisations reported data security breaches in the past 12 months, up from 277 the year before. This is what Deputy information commissioner David Smith said: “The majority of organisations get data protection right, but regrettably a significant minority of management teams are failing to take data protection seriously enough. Unacceptable amounts of data are being stolen, lost in transit or mislaid by staff. Far too much personal data is still being unnecessarily downloaded from secure servers on to unencrypted laptops, USB sticks, and other portable media.”

Well what a surprise! But what is really interesting and scary is that there are fines coming! But I thought that if you breached the Data Protection Act then you would be fined or sued anyway. However, what is clear is that this affects all businesses; large or small; SMB or large multinationals. So Data Loss Prevention is for all organisations that have personal data stored but it is not sufficient to just use device control, the ICO is saying any data loss from any channel! So does that mean that first generation products that really only do encryption and device control will be replaced by the second generation products that provide device, IM, and all the goodies? I think this is a call to action for vendors to smarten up their act and work with others to gain functionality rather than buy and try to integrate. You can read some more here http://news.bbc.co.uk/1/hi/uk_politics/8354655.stm

A worm known as Kido, Conficker or Downadup has quickly replicated across vulnerable Windows computers in a recent outbreak utilising clever tricks to propogate more successfully.

The worm is thought to have moved from 3 million to 10 million infected computers in a short time and is continuing to rise exponentially. The worm is thought to have left a bot-net for its creators to utilise though there appears not to have been any attempt to use it yet.

The register speculates that the MOD may also have become victims of the worm with noticeable disruption for 2 weeks and counting to admin based workstations.

The worm is able to spread via USB sticks and also attempts login and password brute force attacks for access to networks, files and folders etc.  Microsoft has provided updates and a malicious software removal tool to counter its spread.

As attempts to prevent worms from their spread become more advanced so we see the creators use more advanced techniques to circumvent these strategies. Most notably here this worm is utilising vulnerable endpoints as a major tool in its success shining more light on the need for networks and its users to protect themselves against malicious mobile data.