Blended Threats
April 12, 2009

A blended threat is a security attack or threat that uses multiple methods and techniques to propagate an attack.
- Combine hacking, DoS, and worm-like propagation
- Can rapidly compromise millions of machines
- Often spread without human interaction
- Require multiple layers of protection and response to neutralize
Vectors and techniques combined in a blended threat:
- Exploit software vulnerabilities
- Email virus
- Network virus/worm
- Backdoors
- Instant Messenger virus
- Attack security software
- Trojan horses
- Network shares
- Other digital data threats
- Misuse of protocols
- Misuse of service ports
- DoS based on crafted payloads
Bandwidth or Flood Attacks
- ICMP echo request flood
- TCP data segment flood
- TCP SYN/RST flood
- TCP SYN floods
- TCP, UDP, ICMP floods
- Buffer overflows

Protocol Attacks
- SYN flood
- ICMP echo reply flood
- UDP flood
- Protocol tunneling
- Backdoor intrusions
- Low-bandwidth DoS/DDoS attacks

Logic Attacks
- Land attack
- Ping of Death
- Teardrop
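The DoS categories above each leave a recognisable signature in packet metadata, which is what a host or network intrusion prevention layer keys on. The following classifier is an added example (not from the original slides) that runs over a constructed list of packet summaries and flags a Land packet (source equals destination), a Ping of Death (ICMP datagram reassembling beyond the 65535-byte IP limit), a Teardrop pair (overlapping fragment offsets), and a SYN flood (bare SYNs to one port above a per-second threshold). The `Pkt` record, the `sample_capture()` traffic, and the SYN threshold are all assumptions made for the example; on a real sensor the thresholds are tuned to the network baseline.

```python
"""Defensive classifier for the DoS categories on the page (SYN flood,
Land, Ping of Death, Teardrop), run over a constructed packet summary list.
Added example; every packet, address and threshold here is constructed."""
from collections import defaultdict
from dataclasses import dataclass

MAX_IP_LEN = 65535          # RFC 791 maximum IP datagram size in bytes


@dataclass
class Pkt:
    ts: float               # capture timestamp in seconds (assumed field)
    proto: str              # "TCP", "UDP" or "ICMP"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: str = ""         # TCP flags, e.g. "S" (bare SYN), "SA", "A"
    total_len: int = 0      # reassembled IP datagram length as the capture tool reports it (assumed)
    frag_id: int = 0        # IP identification field shared by fragments of one datagram
    frag_off: int = 0       # fragment offset in bytes
    frag_len: int = 0       # payload bytes carried by this fragment
    more_frags: bool = False


def is_land(p: Pkt) -> bool:
    """Land attack: spoofed packet whose source address/port equals its destination."""
    return p.proto in ("TCP", "UDP") and p.src == p.dst and p.sport == p.dport


def is_ping_of_death(p: Pkt) -> bool:
    """Ping of Death: ICMP echo whose fragments reassemble past the IP maximum."""
    return p.proto == "ICMP" and p.total_len > MAX_IP_LEN


def find_teardrop(packets):
    """Teardrop: fragments of one datagram whose byte ranges overlap."""
    groups = defaultdict(list)
    for p in packets:
        if p.frag_len or p.more_frags or p.frag_off:
            groups[(p.src, p.dst, p.frag_id)].append(p)
    hits = []
    for key, frags in groups.items():
        frags.sort(key=lambda f: f.frag_off)
        end = -1                              # end of the previous fragment's byte range
        for f in frags:
            if f.frag_off < end:              # this fragment starts inside the previous one
                hits.append(key)
                break
            end = f.frag_off + f.frag_len
    return hits


def find_syn_floods(packets, window=1.0, threshold=50):
    """Flag (dst, port) pairs receiving more than `threshold` bare SYNs within
    any `window`-second sliding interval. Threshold is assumed, not a standard."""
    syns = defaultdict(list)
    for p in packets:
        if p.proto == "TCP" and p.flags == "S":
            syns[(p.dst, p.dport)].append(p.ts)
    hits = {}
    for key, times in syns.items():
        times.sort()
        start = 0
        for i, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge forward
                start += 1
            count = i - start + 1
            if count > threshold:
                hits[key] = max(hits.get(key, 0), count)
    return hits


def analyze(packets):
    """Run all four detectors and return their findings keyed by category."""
    return {
        "land": [(p.src, p.sport) for p in packets if is_land(p)],
        "ping_of_death": [(p.src, p.total_len) for p in packets if is_ping_of_death(p)],
        "teardrop": find_teardrop(packets),
        "syn_flood": find_syn_floods(packets),
    }


def sample_capture():
    """Constructed packet summaries, not real traffic; addresses are documentation ranges."""
    pk = [
        Pkt(0.0, "TCP", "10.0.0.5", "10.0.0.5", 139, 139, "S"),                 # Land
        Pkt(0.1, "ICMP", "10.0.0.9", "10.0.0.5", total_len=65600),              # Ping of Death
        Pkt(0.2, "UDP", "10.0.0.9", "10.0.0.5", 53, 53,
            frag_id=7, frag_off=0, frag_len=1400, more_frags=True),             # Teardrop fragment 1
        Pkt(0.2, "UDP", "10.0.0.9", "10.0.0.5", 53, 53,
            frag_id=7, frag_off=1000, frag_len=600),                            # Teardrop fragment 2 (overlaps)
        Pkt(0.3, "TCP", "10.0.0.2", "10.0.0.5", 40000, 80, "S"),                # ordinary handshake
        Pkt(0.3, "TCP", "10.0.0.5", "10.0.0.2", 80, 40000, "SA"),
        Pkt(0.3, "TCP", "10.0.0.2", "10.0.0.5", 40000, 80, "A"),
    ]
    # 80 bare SYNs from distinct constructed sources inside one second
    pk += [Pkt(1.0 + i / 100, "TCP", f"198.51.100.{i % 250 + 1}", "10.0.0.5", 1024 + i, 80, "S")
           for i in range(80)]
    return pk


if __name__ == "__main__":
    for category, findings in analyze(sample_capture()).items():
        print(category, findings)
```

The fragment check works on byte ranges rather than raw 8-byte offset units, so a capture tool that reports offsets in units must be scaled first; the SYN check counts only bare SYNs, so the completed handshake from 10.0.0.2 contributes one SYN and does not trip the threshold on its own.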
Once a vulnerability is discovered:
- It rarely, if ever, goes away
- The population of vulnerable hosts decreases over time
- But it remains a vector for propagation of new attacks

Time from vulnerability identification to exploit is decreasing:
- Systematic?
- Or a coincidental side effect of the web?
- Secure software?
  - Unlikely, given commercial pressures to perform
Defensive Posture
- Vulnerability scanning
- Patch application
- Security policy & enforcement
- Anti-virus
- Anti-spam
- Anti-phishing
- Host intrusion prevention
- Network intrusion prevention