Downloadable exploits accelerate security concerns

For hackers or 'script kiddies', attacking and severely damaging a Web site or corporate server is almost a point-and-click exercise using widely available 'downloadable exploits'. According to local security industry experts, most Australian organisations are more vulnerable than ever and are struggling with the know-how to deal with security issues. Stephen Brennan, senior security analyst, global information security services at CSC, said a 'downloadable exploit' is a tool or 'exploit' made publicly available after it has served its purpose in the "black-hat community".

"Once the exploit has made its way through the hacker channels and black-hat community, after they've got no more use for it, the hackers usually publish their exploit to get credit [from their peers]. By this time it's so user-friendly, with instructions on how to use it, it's almost a point-and-click exercise [to then hack into an organisation's Web site or corporate server]," Brennan said.

These sorts of attacks are the most worrying, he said, as it is now so easy to download, understand and use a downloadable exploit.

Of particular concern, he said, are people who don't understand "the full extent of what they are doing when they download an exploit, and cause far more damage than they ever intended". "But of course there are those out there who get a thrill out of hacking and getting access into places where they are unauthorised."

Downloadable exploits are one of the biggest issues facing organisations today, according to Martin Creighan, product marketing manager, SecureNet.

"The tools, code and instructions on how to hack and take advantage of exploits are readily available on the Internet. As much as the Internet allows organisations to do business online, at the same time it is dramatically increasing the risk, unless organisations take security issues more seriously," Creighan said.

He said it is amazing how few organisations have security policies in place, including electronic and network security.

"The most dangerous exploits are the ones that allow administrative access to a system, giving the hacker full control to destroy or deface the Web site. Once you've got into that server there's a 99 per cent chance you've [reached] the DMZ (demilitarised zone, which provides a high level of security due to facing the public network) of their network and can use that as a launching pad to get further access," Brennan said.

He pointed out another chilling factor: attacks using downloadable exploits can be carried out from anywhere, such as by someone sitting at a coffee shop and attacking an organisation.

Anton Handley, director, systems risk management at PricewaterhouseCoopers, said it is critical that all Australian organisations keep on top of their security environment. "With exploits coming out regularly, it is imperative that organisations understand the risk they face if they don't protect their systems. At the minimum, companies should be monitoring their vendor sites, patches to operating systems, routers and firewalls," Handley said.

Brennan said the people writing the exploits are feeding years and years of hardcore technical knowledge into packages and putting it into the hands of some unskilled users who are unaware of the full potential.

"A lot of the time it's just experimental, like kids playing with matches. And they don't expect it to have the impact it does. If you can use e-mail and a Web browser, that's your qualification to be able to use these downloadable exploits. Everyday users, armed with exploits, have the ability to create as much havoc as that of a person with 40 years' experience in computer science," Brennan said.

Brennan said IT managers and CIOs need to be vigilant, and keep on top of patches, which "may seem like an administrative nightmare, but it is something that has to be done to help ensure protection". He said organisations need to take a multi-tiered approach to security, including firewalls, network intrusion detection, host-based intrusion detection and more.

Graham Pearson, Websense Australia's regional sales manager, said it doesn't take an Einstein to obtain an exploit and hack into an average unsecured Web site.

"There are thousands of hacking Web sites worldwide which give instructions. It doesn't matter whether you're a six-year-old child or an IT professional, they teach you to hack," Pearson said.

Daniel McHugh, research analyst, IT trends, Asia Pacific at Gartner, said security is seen as a growing initiative this year and into 2003.

"Security is top of mind when it comes to CIOs' priorities. And where there's spare money, that's where it will be spent. The events of last year have brought a change in attitude and organisations are taking their security more seriously. If not, then they should be," McHugh said.

Lauren Thomsen-Moore

Computerworld