Application attacks demand new security approach

Computer Weekly and Journal of Cyber Policy, July 24, 2018, with comments by Satya Gupta;

Applying security software updates is an ineffective way to deal with application layer cyber attacks and businesses should change their approach, security experts advise.

Despite security updates being available, two groups have begun large-scale attacks on an Oracle WebLogic Server remote code execution vulnerability, following the publication of proof of concept exploits. Security researchers at Qihoo 360 Netlab and Sans Internet Storm Center (ISC) reported the news.

Similar attacks surfaced in January and May 2018 targeting other WebLogic vulnerabilities that cyber criminals jumped on after they went public. The criminals exploited the unpatched flaws on hundreds of user’s machines and installed illicit software for mining cryptocurrency. One of the campaigns, called Luoxk, exploits the recently disclosed and patched vulnerability – CVE-2018-2893 – for activities including DDoS attacks, deploying cryptocurrency miners, installing remote access Trojans, and distributing malicious Android Package Kits.

Not patching vulnerabilities leaves organizations open to great risk, but clearly, patching doesn’t close the risk either.

“By its nature, software patching is reactive and always leaves gaps in coverage,” said Satya Gupta, chief technology officer and co-founder of security firm Virsec.

“But the reality in practice is much worse. Even well-run organizations can take months to consistently patch servers – and that’s if they know exactly what they have,” he said.

Once a vulnerability has been discovered, Gupta said cyber attackers were very adept at finding web servers that remained vulnerable.

“Of course you should patch whenever possible, but it’s easier said than done. We need to move to a model where applications are protected ‘as is’, regardless of their patch level,” he added.

Read full articles:

TechTarget Computer Weekly: How to improve your cyber security with security analytics

Journal of Cyber Policy: News & Comment: Malicious campaign Luoxk is actively exploiting CVE-2018-2893