WER Could Be an Indicator of Attack on Company Network by Hacker

Security firm Websense observes that Windows Error Reporting (WER), which most businesses ignore, could also signal an attack that has beaten an organization's network defenses. Websense released the findings in a new whitepaper entitled 'Using Anomalies in Crash Reports to Detect Unknown Threats'.

These error logs could allow eavesdroppers to map out vulnerable endpoints and, after gaining access to the network, penetrate further.

Websense sees an opportunity in this problem: the information contained in the error reports could be put to beneficial use, not to enable exploits but to detect exploitation. The approach is based on detecting irregularities. Since malware has become expert at hiding itself, modern technology looks for proof of its presence rather than for the malware itself; that is, for the irregularities the malware creates.

The security firm explains that even the most advanced cyber attacks create anomalies in network and application telemetry that can be used to detect their existence. The problem with this approach is that the complete network needs to be monitored, and Websense wondered whether error reports could provide a direct line to those anomalies.

Websense explains that many exploits work by making an application behave unexpectedly, which is getting difficult to achieve.

Websense explained: "We reversed those exploits and found where they would crash, creating a fingerprint of what the crash report would look like (in case the exploit failed). We then searched 16 million reports for four months and found five reports matching our fingerprint from four different organizations."
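The fingerprint search described above can be sketched as detection logic. This is an added example, not code from Websense or the whitepaper. The pipe-delimited record format, the field choice (faulting application, faulting module, exception code, fault offset) and every sample value are constructed assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

class Fingerprint(NamedTuple):
    name: str            # label for the exploit this crash signature came from
    app: str             # faulting application, lower case
    module: str          # faulting module, lower case
    exception_code: int  # e.g. 0xC0000005 (access violation)
    offsets: frozenset   # fault offsets expected when the exploit fails

# Constructed fingerprint; names and offsets are placeholders, not real indicators.
FINGERPRINTS = [
    Fingerprint("example-exploit-A", "exampleapp.exe", "examplelib.dll",
                0xC0000005, frozenset({0x0001A2B4, 0x0001A2C0})),
]

# Constructed records: org|time|app|app_version|module|exception_code|offset
SAMPLE_REPORTS = """\
org-1|2014-01-10T09:12:00|exampleapp.exe|1.0.0|examplelib.dll|c0000005|0001a2b4
org-1|2014-01-10T09:15:00|exampleapp.exe|1.0.0|examplelib.dll|c0000005|00040000
org-2|2014-01-11T14:03:00|ExampleApp.exe|1.0.0|EXAMPLELIB.DLL|C0000005|0001A2C0
org-3|2014-01-12T08:00:00|otherapp.exe|2.1|examplelib.dll|c0000005|0001a2b4
org-3|truncated record
org-4|2014-01-12T10:30:00|exampleapp.exe|1.0.0|examplelib.dll|c000001d|0001a2b4
"""

def parse_report(line):
    """Return a dict for one record, or None if the record is malformed."""
    parts = line.strip().split("|")
    if len(parts) != 7:
        return None
    org, ts, app, ver, module, code, offset = parts
    try:
        return {"org": org, "time": ts, "app": app.lower(), "version": ver,
                "module": module.lower(), "code": int(code, 16),
                "offset": int(offset, 16)}
    except ValueError:
        return None

def find_matches(text, fingerprints=FINGERPRINTS):
    """Group crash reports that match any fingerprint by organization."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse_report, text.splitlines())):
        for fp in fingerprints:
            if (rec["app"] == fp.app and rec["module"] == fp.module
                    and rec["code"] == fp.exception_code
                    and rec["offset"] in fp.offsets):
                hits[rec["org"]].append((rec["time"], fp.name))
    return dict(hits)
```

Each hit gives an organization and a timestamp to pivot on, which is how a failed exploit attempt can be lined up against later activity on the same network.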

The security firm found targeted attacks that had breached the security defenses of a government agency and got past the network of leading mobile operators.

Websense said: "We found Houdini H-Worm, a Remote Access Trojan (RAT), in both organizations, i.e. the government agency and the mobile network operator, starting on the same day that the failed exploit attempt happened."

Alex Watson, Security Research Director with Websense, said that the security industry needs to move away from signature-based defenses and adopt more intelligence around anomalies and network behavior because hackers keep improving their techniques for breaking security systems, cbronline.com reported on February 19, 2014.

» SPAMfighter News - 3/4/2014
