Data from some labs, such as Websense, can be relied upon because they have a reputation for discovering, investigating and reporting on the most advanced internet threats, which other traditional security labs and their archaic methods fail to pinpoint.
Windows Error Reporting
In a blog post, Alex Watson, Security Research Director at Websense, outlines avenues of exploitation that a hacker may explore to break into your computer systems and steal, change or destroy information without you noticing.
He explains that Microsoft Windows Error Reporting sends detailed telemetry to Microsoft every time an application crashes or fails to update. An attacker capable of intercepting this data could use it to create a precise blueprint of the target’s hardware and software network, and then use this intelligence to create tailored attacks with a high chance of success.
Alex managed to uncover an advanced persistent threat (APT) campaign using zero-day exploits after thoroughly investigating 16 million crash reports from Windows Error Reporting (WER) last year. He also released a research white paper detailing the use of WER to detect advanced targeted campaigns in the wild.
An area of concern for security today is the continually recurring, never-ceasing stream of targeted attacks. Promoting systematic investigation and new methods of detecting threats may, to a certain extent, bring technology close to a one-stop solution. Meanwhile, the security industry needs to move away from signature-based defences and include more intelligence around anomalies and network behaviour, as hackers don’t shy away and manage to come up with improved techniques to break into systems you view as secure.
The white paper, titled “Using Anomalies in Crash Reports to Detect Unknown Threats,” can be downloaded from their website.