Indusface, a leading provider of application security solutions for web and mobile applications, has outlined some recently found security threats and the measures to tackle the same. Exploiting zero-day vulnerabilities has always been the primary choice for hackers. It is just obvious that they will be looking for new weaknesses within the layers and misuse them before anyone knows about it. The Factoring Attack on RSA-EXPORT Keys of FREAK was one such instance. This Secure Sockets Layer vulnerability was discovered this year in March, but was surprisingly present from the early 90s. It posed man-in-the-middle threat to around 33% of all the website and servers along with major browsers.
According to Mr Venkatesh Sundar, CTO at Indusface “Undeniably, such zero-day threats are serious for the simple factor that no one knows about the exact problems. However, knowledge of such vulnerabilities resides with only the top ranks of underworld hacking pools. An average cyber crook is usually unaware, but the problems get graver when such vulnerabilities and their exploitation guides come online and companies fail to install patches or web application firewall with customized rules for such vulnerabilities.”
Several Linux operating systems including Debian, Cent OS 6 & 7, and Ubuntu 10.04 & 12.04 were found to be vulnerable to what was termed as the GHOST vulnerability earlier this year. It was found that attackers could actually exploit glibc’s GetHOST functions buffering overflow in glibc function__nss_hostname_digits_dots (). When applications and DNS resolver are connected, an attacker can get IP address from the hostname and assume complete control over 32-bit and 64-bit servers. A day after the GHOST vulnerability was found, most operation systems released their patches to update glibc version. In fact IndusGuard Web was also updated to detect GHOST. However, the major problem is that detailed exploitation information on GHOST is available on many forums and many companies have still not patched their OS. Surprisingly, with lack of information, many do not even know about the vulnerability for about five months now. Indusface suggests IndusGaurd web application scanning and web application firewall to tackle Ghost Vulnerability.
A month approximately after GHOST, the ‘FREAK’ scare threatened our confidence once again on encryption technology. Though FREAK wasn’t as severe as POODLE, an informed attacker could still gain access to sensitive information and inject commands.
FREAK is believed to be a security loophole from the 90s that posed threat to many SSL clients including OpenSSL, which is widely used to encrypt browser to server communication. Giants like Google, Apples, and Windows had confirmed in March, 2015 that their then-latest operating system versions were susceptible to man-in-the-middle attacks using FREAK vulnerability.
About three months have passed since FREAK was discovered and patched, still many users have still not updated their operating systems and browsers. Additionally, with detailed information on FREAK available online, companies also need to secure their end with vulnerability scanning and web application firewall in place to stop such attacks.
Bearing similarities to FREAK, the recently found Logjam vulnerability made Transport Layer Security (TLS) and Secure Shell (SSH) vulnerable to man-in-the-middle attack. It had been estimated that more than 1 million domains were at risk.
Logjam basically helped hackers downgrade the encryption to 512-bit export-grade cryptograph and decrypt it. Export-grade cipher suites were believed to be the cause of this vulnerability, so if users and companies would have dealt with FREAK properly, it should not have caused problems. IndusGaurd web application scanning and web application firewall is recommended for advanced security.
“Exploitation of recent vulnerabilities is a major threat to organizations that do not really get security updates on regular basis. It is critical that security professionals get aware on recent breaches and hacking attempts. Alternatively, they can hire security vendors who can provide continuous vulnerability detection and protection” adds Mr Sundar.