Phishing and client side attacks, the future?
I've been involved in a few penetration tests recently and one thing that seems to be happening is that privileged access is harder to come by. It used to be start at 9, have admin by 9.30 (on a slow day). Today it certainly tends to be a lot more work.
I put it down to improvements in security over the last few years in many organisations, as well as improvements in operating systems. Love it or hate it, Windows 7 does a pretty good job of securing the machine. Combined with some practices like no local user admins, automatic patching and a decent HIPS, it can be quite a challenge to compromise a fully patched and well managed Windows box. OSX similarly has made some steps towards improving the security of the OS (If only they turned the firewall on by default :-( ). So if the operating system is pretty good and likely to get better, the attack vectors have to shift. Which is where client side attacks enter the picture. Get the user to attack their system for you.
We have had some good examples of this in the past year where sites were reportedly compromised because someone clicked something they should not have, likely delivered via email. Just like the wooden horse, the gift was accepted (phishing email) and the trojan has the nasty surprise.
So on this, for many of you, long weekend, I'd like you to have a little think and maybe complete the poll on the page or enter comments here. Phishing/social engineering emails and client side attacks: something we are going to see a lot more of in the future, or a passing fad?
Have a nice Easter for those that celebrate it. Have a great weekend for those that do not.
Cheers
Mark
Comments
Thanks!
Matthew
Apr 7th 2012
1 decade ago
ashcrow
Apr 7th 2012
1 decade ago
Matthew
Apr 7th 2012
1 decade ago
EVVJSK
Apr 9th 2012
1 decade ago
And there will always be organizations with Executives who are above any rules or security policies (often the very people targeted in phishing attacks) who will have local admin rights, who are allowed to run software not sanctioned by IT, etc.
As defenses for one threat vector are hardened, the no-goodniks will merely switch to a different vector...
Brent
Apr 9th 2012
1 decade ago