Exploits in Linux and Windows used by hackers to steal financial data

Ed Skoudis, a senior security consultant for InGuardians, and Johannes Ullrich, the CTO of the SANS Internet Storm Center, say hackers continue to penetrate many more company networks than administrators admit. They offer a list of the most effective exploits used to gain entry.

One of those exploits is an attack dubbed super-flexible pivoting, which abuses Linux machines connected to a network's DMZ, or demilitarized zone, to bypass corporate firewalls and access sensitive resources on an internal network. Skoudis noted that "millions of credit cards" have been stolen using this technique.

The second exploit Skoudis pointed to is known as pass the hash and is used to penetrate Windows servers. Attackers using this technique benefit from the fact that Windows authentication works by checking a user's cryptographic hash rather than the password. The hackers steal the hash by exploiting a simple unpatched browser or application vulnerability and then inject it into the memory of the Windows box. The technique is still successful despite having been around for a decade.
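The property described above, shown in a simplified model that is an added illustration and not code from the article or the experts it quotes. It assumes SHA-256 and HMAC-SHA256 as stand-ins for the real Windows algorithms, and the `Server` class, account name and passwords are constructed for the example.

```python
import hashlib
import hmac
import os

# Simplified model, NOT real NTLM: SHA-256 / HMAC-SHA256 stand in for the
# actual Windows algorithms. All names and passwords are constructed.

def password_hash(password: str) -> bytes:
    """Unsalted hash of the password; this is what the server stores."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def respond(pw_hash: bytes, challenge: bytes) -> bytes:
    """Client response: keyed by the hash, the password is never used."""
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.accounts = {}  # user -> stored password hash

    def enroll(self, user: str, password: str) -> None:
        self.accounts[user] = password_hash(password)

    def new_challenge(self) -> bytes:
        return os.urandom(16)  # fresh nonce per logon attempt

    def verify(self, user: str, challenge: bytes, response: bytes) -> bool:
        stored = self.accounts.get(user)
        if stored is None:
            return False
        return hmac.compare_digest(respond(stored, challenge), response)

def demo():
    server = Server()
    server.enroll("alice", "constructed-sample-password")

    c1 = server.new_challenge()
    with_password = server.verify(
        "alice", c1, respond(password_hash("constructed-sample-password"), c1))

    # Only the stored hash value is known here, not the password.
    copied_hash = server.accounts["alice"]
    c2 = server.new_challenge()
    with_hash_only = server.verify("alice", c2, respond(copied_hash, c2))

    # Resetting the password replaces the hash, so the old copy stops working.
    server.enroll("alice", "constructed-new-password")
    c3 = server.new_challenge()
    after_reset = server.verify("alice", c3, respond(copied_hash, c3))
    return with_password, with_hash_only, after_reset
```

The server cannot tell the two successful logons apart, which is why a captured hash has to be treated as a password-equivalent credential.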

The two experts presented their list of the world's most dangerous new attack techniques and ways organizations can protect themselves against them. They pointed out that it is important for companies to educate their employees on how to avoid social-engineering attacks on social networking sites and elsewhere.