The rules of "basic hygiene"


Every hour counts


Tuesday, October 10, 2017

"Updates are ready to be installed"—an annoying message, right? But there’s no escaping reality. New vulnerabilities are constantly being discovered in applications. It doesn't matter who actually discovered a loophole. Sooner or later, it will be made public, the developer will release a security update, and even criminals who didn't know about the vulnerability will become aware of its existence. How much time do users have before an attack begins?

Another example of an attack shows how criminals try exploiting not only vulnerabilities in web applications but also loopholes in device firmware. Information about CVE-2017-8220 was published on April 25, and on April 28 the first attacks were mounted on devices.


Figure 8. An example of a “remote code and shell command execution” attack being discovered

Thus, only a few days can elapse between when information about a vulnerability is published and when that vulnerability is exploited. (This timeframe can vary depending on how complicated a vulnerability is to exploit.) If a web application comes under attack, the perpetrator will first attempt to leverage the most recently discovered vulnerabilities since they probably haven't been patched yet.

http://blog.ptsecurity.ru/2017/09/web-apps-attacks-2017.html#more

Three days. Given that two of those days could fall on a weekend, the timeframe is very short.

And here is another interesting question: at what time of day is an attack launched?

The average attack intensity in the space of 24 hours for one company. The figure below contains values for all industries (the local time was used for each organisation).


To illustrate our case more clearly, let's use PT AF to draw a graph for April 17 for one of the companies.


http://blog.ptsecurity.ru/2017/09/web-apps-attacks-2017.html#more

As you can see, the attack intensity clearly correlates with employee activity—when they get to their desks, the time before lunch, and the end of working hours. The fourth peak, which occurs at night, can be explained by the fact that during these hours, the probability of the company’s security service responding to the attack is lower.


The Anti-virus Times recommends

The above statistics indicate that security updates must be applied no later than two days after their release. But never later than that! Meanwhile, anti-virus updates must be installed immediately after their release. For that to happen, just make sure you don't change the default update schedule set by the developers.
