While hackers come up with some sophisticated techniques, the fact is that the majority of cyber attacks target common configuration errors and well-known bugs. Here are four of the top vulnerabilities you might want to look into.
Attackers use flaws in authentication or session management (such as exposed account or session IDs) to impersonate users. Logout, password handling, "remember me" functions, and account updates can all be exposed. Hackers who learn of these vulnerabilities in a particular system can retrieve session tokens and do anything the original users had privileges to do. The wide variety of approaches means there is no one easy fix; every application should be tested and checked. Perhaps the most reliable solution is contracting with a reputable IT services firm to perform network audits that check the configuration of firewalls, routers, networks, and access permissions.
Security misconfiguration is the most common vulnerability and often comes down to simple mistakes:
- Outdated firewall or anti-virus software
- Public applications running in debug mode
- Unused services active in the system
- Routers or other hardware using default credentials
- Not altering default settings on keys, passwords, databases, and admin accounts
- Exception handling that could disclose useful system information, such as stack traces
Poor configuration can be found at any level of the application stack. Today's hackers use automated scanners that probe a system to discover these weaknesses. Default passwords and account names should always be changed, extraneous services disabled, and error information limited.
Injection vulnerabilities exist whenever an application passes untrusted data on to an interpreter. SQL, LDAP, XPath, and XML parsers are all areas of concern when user-supplied arguments are passed to them. The result of a successful injection attack is usually data theft or denial of service. Despite the high level of awareness, it is still a frequent tactic of cybercriminals.
One example is the so-called "Bash Bug" affecting Linux and UNIX command-line shells. It has been known for years, but there are many legacy systems where the problem was never addressed. Hackers familiar with this bug can run shell commands against a targeted server using specially crafted variables. Most major vendors provide advice on coding against injection attacks.
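To make the SQL case concrete, here is an added example (not code from the article) that puts a string-built query next to a parameterised one and runs both against an in-memory SQLite table of constructed sample rows; the table, account names and the `login_unsafe` / `login_safe` helpers are all assumptions made for the demonstration.

```python
"""Added example: string-built SQL versus a parameterised query,
run against an in-memory SQLite table of constructed sample rows."""
import sqlite3

# Constructed sample data: two accounts in a users table.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_unsafe(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Vulnerable: untrusted input is spliced into the SQL text, so the
    input can change the structure of the statement the parser sees."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Hardened: placeholders keep the input as data; the SQL text is
    fixed and the driver hands the values over separately."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


if __name__ == "__main__":
    db = make_db()
    # A "password" that is really a fragment of SQL syntax, not a secret.
    crafted = "x' OR '1'='1"
    print("unsafe:", login_unsafe(db, "alice", crafted))  # ['alice', 'bob']
    print("safe:  ", login_safe(db, "alice", crafted))    # []
    print("safe, real credentials:", login_safe(db, "alice", "s3cret"))  # ['alice']
```

The unsafe variant returns every account because the input rewrote the WHERE clause; the parameterised variant compares the same bytes as a literal password and matches nothing.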
A buffer overflow occurs when application data exceeds the capacity of the buffer meant to hold it; the excess overwrites adjacent memory, causing corruption, crashes, or openings for malware. These attacks are harder to exploit: hackers have to know how the target application manages memory, know the specific buffer addresses used, and engineer a way to alter content in order to carry out the attack.
Typically, the hacker sends data in large chunks to an application, watching for the function's return pointer when undersized buffers are encountered. Increasing buffer size or parsing the data before use is not always an option, leaving us to look specifically for applications built with more security foresight in memory management.
Eventually, hackers discover—and share—known weaknesses. But organizations can reduce the risk of breaches by upgrading equipment and applications. Employing multiple layers of up-to-date security, together with proper data backups, firewalls, and encryption, is the best way to protect company resources.