News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Attacks by embedded system software growing

There is a growing security threat to standalone and networked computers by embedded system software, argues Infoprotect's Scott Martin.

Home PCs and networked computers alike are being attacked by embedded system software that gains access through social media tools. While, typically, the prime service delivery software is well written and contains little vulnerability, access is sometimes gained by embedded system software via third-party add-ons, which are often poorly designed, increasing the risk of exploitation.

Embedded software is software that the user can neither see, nor access or control. It operates behind the scenes; however it may be used by criminals to exploit vulnerabilities in the code to gain access to a system, end point, server or network. The bigger the system, the bigger the risk as more vulnerabilities will exist, which a cyber criminal can exploit. Many of these executables are designed specifically with malicious intent to acquire end-user personal information, which can be used for financial gain or to launch a larger attack on a third party.

New information security threats

In today's world of increasing mobility, other new information security threats are emerging that relate to mobile and storage devices. One such example is the threat to data security when a company laptop leaves the business premises. When a company laptop leaves the office, it leaves the demilitarised zone of the company's security system, including firewalls and email filters, which deliver a distributed security function to the enterprise. Therefore, while the security posture of a laptop is very strong when at the office, it becomes comparatively less secure as soon as it is taken out of the office environment.

To overcome this, an end point must have intelligent and variable security policies, which are automatically activated depending upon the whereabouts and method of connection and communication of the end point. Only very advanced end-protection suite technology, such as SEP12.1 from Symantec, has the ability to enforce an appropriate security policy automatically, depending on its whereabouts and the method of connection and communication.

Increasingly ingenious ways of gaining access

Cyber criminals are finding ever-increasingly ingenious ways of gaining access to a computer or network by side-stepping first-line defence perimeter security devices and technology. USB devices, and other attachable devices, are increasingly being used by cyber criminals to attack information networks. Viruses and malware can be unintentionally and invisibly downloaded from the Internet at the touch of a button. These unwanted viruses can then automatically copy themselves onto any attachable device connected to the computer, such as a USB memory stick or external hard drive. These devices are then passed on to other users within the organisation and so the virus or malware is able to spread untraced throughout the organisation.

External storage device abuse

External storage devices, such as USB memory sticks or external hard drives, can also be abused or misused by internal employees to get around company security and technology policies. In instances like this, employees might use an external storage device to store and from which launch an otherwise prohibited program to avoid detection by the company's security and technology protection software. Only the most advanced end point protection security suite has integrated device control that can prevent certain executables from launching from an attachable device.

Embedded system software, and the increased usage of mobile devices and storage devices, will continue to increase the number of security risks faced by standalone and networked PCs. Only the most advanced end point protection security technology is able to cover all these bases and prevent breaches in IT security that could be costly and harmful to organisations.

Let's do Biz