Hackers are shifting their attacks from systems to users.
The clearest evidence of this shift is the steady stream of security vulnerabilities disclosed in the Microsoft Office suite, along with a series of threats from malicious documents that exploit them.
It also suggests that hackers seem to have automated the process of discovering and exploiting security flaws.
The Target is the User
Alfred Huger, a senior expert at Symantec, asserts: “Hackers are targeting users more than systems. What they seek is not servers but usernames and email addresses.”
“It is difficult to identify a specific person from a website. Therefore, attackers target a specific company, focusing more on the attack, and are shifting towards attacking specific client applications like Microsoft, for instance.”
Huger sketched a model of a targeted attack that exploits vulnerabilities in Office: “An attacker can find the name and email address of a low-level finance employee from a press release, for example. They will then impersonate the financial manager of that company to send the aforementioned employee an Excel file. Thus, the likelihood of that low-level employee opening the hacker’s Excel file is very high because he will think it was sent by his manager. Clearly, the success rate of such attacks will be very high.”
Fuzzers Exposed
The continuous discovery of security flaws in Office has drawn attention to a tool called a “fuzzer”, an automated tool for detecting security vulnerabilities that security researchers and hackers have developed over the past two years. However, this tool has only recently come to public attention.
“A fuzzer will send any type of data value to the input of any program to see if any issues occur. This tool is commonly used in detecting buffer overflow vulnerabilities, and it is also the fastest and most effective solution for discovering security flaws,” Huger stated.
Huger believes that it was thanks to HD Moore that fuzzers became known to the public. Moore, one of the leading developers of the open-source Metasploit Framework project, recently launched a “one vulnerability a day” initiative and confirmed that he has used numerous fuzzers to discover those vulnerabilities.
Microsoft is also among the companies that invest significant time and money in fuzzers, Huger confirmed. He believes that even Windows Vista was tested using fuzzers.
“I believe this will provide a better foundation for Vista,” Huger asserted. “But that does not mean that concerns about security flaws have ended. Hackers are still discovering flaws in Vista due to new code segments.”
Hoàng Dũng