Staying Up To Date In A World Of Non-Stop Malware Threats
July 5, 2016
Shah Sheikh

Every day, almost one million malware threats are introduced in the ceaseless jungle that is the internet. And yet, software developers, security experts, and IT administrators are expected to stay up-to-date with these latest threats to ensure that network environments and software applications are secured against them. Sure thing, you might think. I’ll get to today’s million malware threats right after I finish counting raindrops. We’re here to offer our assistance by going through a few of the most common malware threats that organisations face today.

Malware threats continue to plague the internet and they aren’t going to stop. The right breach can bank an attacker millions in dark market money, so it’s financially beneficial for an attacker to create new and unexpected threats and use them to attack critical applications. While you’re never going to be able to keep up with every emerging threat, you do need to stay informed on the ones that become common. One way to do so is by checking out repositories such as Checkmarx’s vulnerability knowledge base. Another way is to read up on the five types of vulnerabilities that can be exploited by malware listed below.

SQL Injection

SQL injection (SQLi) is one of the most common attack methods. It has been for over 15 years and it just keeps on working for attackers. SQL injection occurs when an attacker sends a malformed statement and your website processes it as valid SQL. For instance, the following value can be submitted to the database through a form field:

' OR 1=1 -- -

The application might then build the following query from it:

SELECT * FROM Users WHERE username = '' OR 1=1 -- -' AND password = '';

Notice that the input terminates the SQL string literal, adds a condition that is true for every record, and comments out the rest of the query (including the password check). This would then dump all users from the Users table. To prevent this, always scrub and validate user input before it reaches a SQL statement, and never build queries by concatenating that input into the SQL text.
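The login query above, rebuilt both ways so the difference is visible. This is an added example and not code from the original article: the `Users` table, the two sample accounts and the `login_vulnerable`/`login_safe` function names are constructed here. The vulnerable version concatenates the input into the SQL text exactly as the article describes; the safe version passes the same input as a bound parameter, so the quote and the `--` comment are just characters in a string value.

```python
import sqlite3

# Payload from the article: closes the string, adds an always-true
# condition, and comments out the rest of the WHERE clause.
PAYLOAD = "' OR 1=1 -- -"


def make_db():
    """Build an in-memory Users table with two constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],  # constructed data
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """String concatenation: user input becomes part of the SQL grammar."""
    sql = (
        "SELECT * FROM Users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterised query: user input is only ever a value, never SQL."""
    sql = "SELECT * FROM Users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD, ""))  # every row
    print("safe:      ", login_safe(db, PAYLOAD, ""))        # no rows
```

Run it and the vulnerable function returns both accounts without a password, while the parameterised one returns nothing because no user is literally named `' OR 1=1 -- -`. Input validation is still worthwhile, but parameter binding is the control that actually removes the bug.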

Privacy Violations

A privacy violation is exactly what the name suggests: any method an attacker can use to expose your users' data. This could happen because you have stored the data with poor permissions and an attacker is then able to read it. Some developers inadvertently expose critical data and files through the application itself without recognising the security flaw. Ideally, the application should have only limited access to critical data on disk, including both user data and operating system files.

Another type of privacy violation happens when data is displayed on a client device that can be sniffed or obtained by a hacker using screen-capture tools.

To prevent privacy violations, always apply the correct permissions to sensitive data including files located on the application server.
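One concrete way to apply that advice on the application server, as an added example that is not from the original article: create sensitive files with owner-only permissions from the start rather than fixing them up afterwards, and have a check that can flag files which are readable by other accounts. The file name, the "constructed" secret content and the function names are assumptions made for this example.

```python
import os
import stat
import tempfile

OWNER_ONLY = 0o600  # rw for the owner, nothing for group or world


def write_sensitive_file(path, data: bytes):
    """Create the file with owner-only mode atomically.

    Passing the mode to os.open means there is no window in which the
    file exists with the (usually world-readable) default permissions.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, OWNER_ONLY)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    # os.open applies the umask, so enforce the mode explicitly as well.
    os.chmod(path, OWNER_ONLY)
    return path


def is_exposed(path) -> bool:
    """True if group or other have any permission bit set on the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def audit_directory(directory):
    """Return the names of regular files in `directory` that are exposed."""
    exposed = []
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if os.path.isfile(full) and is_exposed(full):
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        write_sensitive_file(os.path.join(d, "users.db"), b"constructed secret data")
        # Simulate a file a developer left with loose permissions.
        loose = os.path.join(d, "export.csv")
        with open(loose, "wb") as fh:
            fh.write(b"email,name\n")
        os.chmod(loose, 0o644)
        print("exposed files:", audit_directory(d))  # ['export.csv']
```

The audit function is deliberately simple: it only looks at POSIX mode bits, so on a filesystem that uses ACLs you would need to inspect those as well.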

Path Traversal

A good way of keeping files secure is ensuring that users can only access the files they are supposed to be able to access. Path traversal is what happens when that is not the case. It can occur when the developer lets the application fetch files from the server without first verifying that the requested path is one the user is allowed to reach.

For example, suppose your site pulls a file name from the URL's query string (the part at the end of a web address, after the `?`, that does not belong to the path itself) and then prompts the user to download that file. Now suppose the user puts the path of a critical operating system file in the query string. If the application follows that path and allows the file to be downloaded, you have a path security issue that needs to be fixed. Either the server or the application should block access to any directory or file a user shouldn't be able to reach.
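The download handler described above with the check added, as an added example rather than code from the article. The idea is to resolve the requested name against a fixed download directory and then verify that the resolved, symlink-free path is still inside that directory; the directory layout, file names and function names are constructed for this example.

```python
import os
import tempfile


def is_safe_request(base_dir: str, requested: str) -> bool:
    """Return True only if `requested` resolves to a path inside base_dir.

    realpath() collapses '..' segments and follows symlinks, so a link
    inside the download directory that points outside it is caught too.
    An absolute `requested` makes os.path.join discard base_dir entirely,
    which is exactly why the containment check must run on the result.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        return os.path.commonpath([base, candidate]) == base
    except ValueError:  # e.g. different drives on Windows
        return False


def resolve_download(base_dir: str, requested: str) -> str:
    """Return the absolute path to serve, or raise if it escapes base_dir."""
    if not is_safe_request(base_dir, requested):
        raise PermissionError("requested file is outside the download directory")
    return os.path.realpath(os.path.join(os.path.realpath(base_dir), requested))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as downloads:
        with open(os.path.join(downloads, "report.pdf"), "wb") as fh:
            fh.write(b"constructed sample file")
        for name in ["report.pdf", "../../etc/passwd", "/etc/passwd", "sub/../report.pdf"]:
            print(f"{name!r:28} -> {'allowed' if is_safe_request(downloads, name) else 'blocked'}")
```

Note that a plain string check such as "does the name contain `..`" is not enough: URL-encoded variants and symlinks both get past it, while the resolved-path comparison above handles them in one place.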

Cross Site Request Forgery (CSRF)

CSRF combines a security flaw in an application with a bit of social engineering. The trick is to get a user to trigger a request that is actually malicious and benefits the attacker. For this to work, the attacker must get the user to issue the request while the user is logged in. For instance, suppose an application sends an email on the user's behalf when this URL and query string are requested:

url.com/sendemail?user=myemail

The application only sends the email if the user is logged in. The attacker can send the legitimate, logged-in user a message that lures them into opening the URL. Because the browser attaches the user's session automatically, this triggers an email to another victim that appears to come from the legitimate user, which the attacker can in turn use to phish information and steal data.

OS Command Injection

OS command injection occurs when the application builds operating system commands from user input. Because the input shapes the command, an attacker can supply input that changes what the command does. This type of attack is similar to SQLi in that the developer must validate input from the user before executing OS-level commands.
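The two halves of that advice side by side, as an added example rather than code from the article: a host-lookup feature built by string concatenation and handed to a shell, next to the same feature built as an argument list with the input validated first. The `ping`-style command, the hostname pattern and the function names are assumptions made for this example.

```python
import re
import subprocess

# Conservative allowlist for what a hostname may look like. Shell
# metacharacters (; | & $ ` etc.) are simply not in the alphabet.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def validate_hostname(host: str) -> str:
    """Return the host unchanged if it is well-formed, else raise."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return host


def build_command_vulnerable(host: str) -> str:
    """The pattern to avoid: one string, later passed to a shell."""
    return "ping -c 1 " + host


def build_command_safe(host: str) -> list:
    """Argument list: each element is one argv entry, never re-parsed."""
    return ["ping", "-c", "1", validate_hostname(host)]


def run_safe(host: str) -> int:
    """Execute the validated command without a shell and return its exit code."""
    result = subprocess.run(
        build_command_safe(host),
        shell=False,           # no shell, so no metacharacter interpretation
        capture_output=True,
        text=True,
        timeout=10,
    )
    return result.returncode


if __name__ == "__main__":
    for candidate in ["example.com", "example.com; id", "$(whoami).example.com"]:
        print("shell string:", repr(build_command_vulnerable(candidate)))
        try:
            print("argv:        ", build_command_safe(candidate))
        except ValueError as exc:
            print("argv:        ", exc)
```

Even with the allowlist, the argument-list form is what removes the injection: it guarantees the input is one argv entry no matter what it contains, so the validation is defence in depth rather than the only barrier.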

Keeping up with malware doesn’t have to be a losing battle. It can be easy to feel overwhelmed by the daily deluge of malware threats, but you’ve got to think quality over quantity. (In this case, ‘quality’ doesn’t mean quality from your perspective, rather from the attacker’s.) If you keep checking those threat repositories and stay on top of the major threats, both existing and emerging, you’ll be doing the best you can without losing your mind. Hopefully.

Source | LifeHacker