Diving into Security Research 4 - Know Your Enemy


Exploring the security landscape of today. NORSE, Bugs and Vulnerabilities, Common Types of Malware.

This is a continuation of my deep dive into Security Research.

The Security Landscape Today

Unlike in the past, many attackers today are not sitting behind their computers launching attacks manually - who has time for that right? Due to the increase in cheap server providers and more publicly available vulnerability software many have moved their efforts to the cloud. Attackers today can setup code relatively quickly (some dont even have to lift a finger if they are willing to pay) and cast a net to fish for vulnerable devices / a specific target.

Once a vulnerable device is found, the attacker is likely to have a database of vulnerabilities that deliver the right attack to that device. As the device is compromised it becomes part of the net casting attacks and or data from the device is delivered to the attacker. Again, looking at the Defense in Depth principle, having layers is important to minimize this risk. If one fails, your others layers are there to protect you.

Looking at Attacks: NORSE

Norse is the world’s largest threat intelligence network. They monitor a portion of the internet traffic through “honeypots” or vulnerable servers. Once one of their servers is compromised they allow the attacks to go through so they can see the effects/gather data. Many of their servers emulate devices such as:

NORSE provides security software and hardware to improve overall security and ROI on larger networks. I am not affiliated with them in any way but appreciate the time they took to create the map below - it’s pretty cool:

NORSE Attack Map

Known and Unknown Bugs

Attacks occur when a vulnerability is found. Vulnerabilties (Security Bugs) can be found in:

Example Your browser is outdated and a malicious website (or a compromised good website - happened to Forbes before) has malware that exploits this vulnerability. A website can detect the browser/OS version you are using so it is important to always stay up-to-date when you are prompted to update. Let’s look at the differences:

-Known bugs, shown in example above, are also called patches. As the name suggests these patches fix a problem with theirsoftware. These are your usual software updates. It is important update in a timely manner to protect against exploits.

-Unknown bugs on the other hand, often referred as zero days, are more dangerous. These are exploits that have been found but no patches exist yet. These can exist in two states public OR private. Some zero days are found by malicious groups who keep these secret and use them or sell to the highest bidder. As you can see, these are more difficult to protect because you either have to fix it yourself (if you are the programmer that found it/read about it) or you have no idea it exists so risk is involved.

Database for Vulnerability Research.

Malware in Detail

Generally, you cannot protect against everything but having the right security practice in place can minimize risk. Malware is the category where all malicious software is contained. Common types of malware are:

Curated Malware Analysis List