Embedded system software attacks grow

There is a growing security threat to standalone and networked computers by embedded system software, says infoprotect’s Scott Martin

September 19, 2011

“Home PC’s and networked computers alike are being attacked by embedded system software that gains access through social media tools. While typically the prime service delivery software is well written and contains little vulnerability, access is sometimes gained by embedded system software via third-party add-ons which are often poorly designed, increasing the risk of exploitation,” explains Scott Martin from Infoprotect.

Embedded software is software that the user can neither see, nor access or control. It operates behind the scenes, however it may be used by criminals to exploit vulnerabilities in the code to gain access to a system, endpoint, server or network. The bigger the system, the bigger the risk as more vulnerabilities will exist which a cyber-criminal can exploit. Many of these executables are designed specifically with malicious intent to acquire end-user personal information, which can be used for financial gain or to launch a larger attack on a third party.

In today’s world of increasing mobility, other new information security threats are emerging that relate to mobile and storage devices. One such example is the threat to data security when a company laptop leaves the business premises. “When a company laptop leaves the office, it leaves the demilitarised zone of the company’s security system, including firewalls and email filters which deliver a distributed security function to the enterprise,” says Martin. “Therefore, while the security posture of a laptop is very strong when at the office, it becomes comparatively less secure as soon as it is taken out of the office environment,” he explains.

To overcome this, an end-point must have intelligent and variable security policies, which are automatically activated depending upon the whereabouts and method of connection and communication of the end-point. Only very advanced end-protection suite technology, such as SEP12.1 from Symantec, has the ability to automatically enforce an appropriate security policy depending on its whereabouts and the method of connection and communication.

Cyber-criminals are finding ever-increasingly ingenious ways of gaining access to a computer or network by side-stepping first-line defence perimeter security devices and technology. USB devices and other attachable devices are increasingly being used by cyber-criminals to attack information networks. Viruses and malware can be unintentionally and invisibly downloaded from the internet at the touch of a button. These unwanted viruses can then automatically copy themselves onto any attachable device connected to the computer, such as a USB memory stick or external hard-drive. These devices are then passed on to other users within the organisation and so the virus or malware is able to spread untraced throughout the organisation.

External storage devices, such as USB memory sticks or external hard-drives, can also be abused or misused by internal employees to get around company security and technology policies. In instances like this, employees might use an external storage device to store and from which launch an otherwise prohibited programme to avoid detection by the company’s security and technology protection software. “Only the most advanced end-point protection security suite has integrated device control which can prevent certain executables from launching from an attachable device,” says Martin.

“Embedded system software, and the increased usage of mobile devices and storage devices will continue to increase the number of security risks faced by stand-alone and networked PCs. Only the most advanced end-point protection security technology is able to cover all these bases and prevent breaches in IT security that could be costly and harmful to organisations,” Martin concludes.

Tags: ,