Discussion in 'other security issues & news' started by MrBrian, Dec 28, 2011.
This thread seems like it died in 2011, but this is as good a place as any to voice this particular opinion. The real issue being debated is the level of risk everyone sees. I think Hungry Man is right, malware authors will focus on the easiest targets, which are folks that surf carelessly with OSs & programs that don't get updated & run non-updated or no AV programs. IMO with every layer of security I add (update programs & OS regularly, run an updated AV program that doesn't suck, use a firewall, use common sense), the malware authors are less and less likely to want to bother with me. The vast majority of computer users fall into this category of risk.
Targeted attacks are a completely different category of risk. Of course, first you have to decide if you would actually be targeted, highly unlikely for any random citizen. But if you're a defense contractor or developing cold fusion, then maybe you would be targeted. And the point here is that a persistent cracker can crack anything given time, talent & patience. But you have to ask yourself: what's the true likelihood of this ever being a problem for me? Why would Black Hat Bob work so hard to get the photos of junior's 3rd birthday party off my hard drive or my Facebook account, especially when there are millions of easier targets out there with far higher payoffs?
A wise choice!
You zeroed in on the important part of my argument I see
or most remunerative?
Malware is a business. They weigh the cost of infection against the potential income. In my opinion, at this time, it's more profitable to make use of old out-of-date operating systems or applications than complex attacks on the kernel/sandboxes.
You'll find it's a well-run business. Automate attacks & your profits increase. That would inherently exclude customized/hardened desktops with multiple layers of security. Why waste time targeting a few with a specific configuration when you can hit masses with no configuration?
I largely agree with your post but I think it's important to mention that targeted attacks aren't limited to your examples.
Everything that's worth (potentially) big money can be a target, whether it's research done at a uni (f.i. solar panels) or a payroll software system being developed. Even the complete blueprint of a dishwasher manufacturer (f.i. the market leader in this branch) can be 'copy/pasted' by 'Black Hat Bob' if he has full access and that can be sold also.
Targeted attacks aren't just limited to 'exciting' stuff, 'boring stuff' can be worth just as much if you take into account the costs and benefits of such an attack.
I agree though that malware code writers going after large amounts of citizen bank accounts/private data will make a different cost/benefit-based decision.
Those guys won't try to develop a trojan being able to sneak into a specific up-to-date 'Wilderssecurity tweaked 'n secured' system. They're after the masses.
Has anyone been able to find stats on the following trend these guys write about:
I'm afraid the technical details of a thread-injection attack are beyond me, but I found this stat for you:
So if 80% of browsers out there are ripe for exploitation, I don't think it's any surprise that browsers are targeted.
All the research I've done over the last several months has shown me that it's REALLY important to harden the browser. That's from countless sources.
Thank you for the links, Brandi!
Too bad there wasn't anything documenting the thread injection attacks the site linked to in the first post mentions, although it's a nice check on browser and plug-in update status.
You're right, it's no surprise at all. Wilders member Rmus has stated in several of his posts the importance of securing the browser in defending against web-borne attacks. Keeping it and all plugins up to date is clearly an important first step, yet as those stats show, most people neglect this.
Absolutely agree on this! I've recently gone to great lengths in pursuing this goal on my browser of choice, IE9
I doubt thread injection attacks are used a ton. I don't know about ROP exploits being used or anything like that. We wouldn't necessarily see them in the wild because:
1) You don't need ROP on XP - there's no ASLR, which means there's basically no DEP. ROP is specifically meant to defeat these two things.
2) If you do attack Vista/7 you don't need thread injection or shared IPC because almost no one runs with SRP.
Worth noting that ROP did garner enough attention in Win8 to merit them adding specific ROP mitigation techniques.
edit: Also worth noting that thread injection/IPC are not the only ways to bypass a whitelist.
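The DEP/ASLR point above ties back to the earlier advice about hardening the browser and its plugins: on Vista and later, a module only gets ASLR and (on 32-bit) DEP if its PE header opts in via the DllCharacteristics field. The following is an added example, not code from the thread or any of its posters, that reads those two opt-in bits straight from a PE header; `build_fake_pe` constructs a minimal header purely so the check can run offline, and the offset constants follow the published PE/COFF layout.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image may be relocated: ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # image is DEP/NX compatible: DEP opt-in


def pe_mitigations(data: bytes) -> dict:
    """Report whether a PE image declares ASLR and DEP opt-in in its optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]       # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                                    # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                            # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "pe32plus": magic == 0x20B,
    }


def build_fake_pe(dll_characteristics: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (not a loadable image) used only as sample input."""
    e_lfanew = 0x80
    buf = bytearray(e_lfanew + 4 + 20 + 96)                    # room for a full PE32 optional header
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    opt = e_lfanew + 24
    struct.pack_into("<H", buf, opt, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", buf, opt + 70, dll_characteristics)
    return bytes(buf)


if __name__ == "__main__":
    # Real use: pe_mitigations(open(r"C:\path\to\plugin.dll", "rb").read())
    hardened = build_fake_pe(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT)
    legacy = build_fake_pe(0)
    print("hardened plugin:", pe_mitigations(hardened))
    print("legacy plugin:  ", pe_mitigations(legacy))
```

A plugin DLL that reports both flags false is one that the OS will load at a fixed address and, on a 32-bit opt-in DEP policy, without NX, which is exactly the situation that makes the 2011-era "no ROP needed" exploits viable.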