FREAK Attack: How to Protect Yourself
The recently disclosed FREAK (Factoring attack on RSA Export Keys) attack is an SSL/TLS vulnerability that affects major browsers, servers and even mobile devices.
The FREAK vulnerability allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can then break to manipulate or steal sensitive data.
Although most major hardware/software vendors and owners have patched
this flaw, many are still susceptible to this kind of attack.
Instrumental in discovering the FREAK flaw, the University of Michigan conducted scans and found that an estimated 36.7% of the 14 million websites offering browser-trusted certificates were vulnerable at the time of disclosure.
This includes some very high-profile pages like nsa.gov, irs.gov and even the ubiquitous connect.facebook.com (the source of all Facebook "Like" buttons).
IMPACTS OF FREAK ATTACK
- Intercepts your sensitive, encrypted, web sessions via a man-in-the-middle attack, putting your clients at risk
- Redirects users to malicious sites and harvests credentials, giving attackers the ability to pivot and attack your environments directly and steal sensitive data (intellectual property)
- Forces weak encryption, even if you use a strong encryption method, making stealing your data much easier
- Affects a large number of vendors including every Windows version, Apple’s mobile and desktop operating systems, and Google Android
HOW TO PROTECT AGAINST FREAK?
AlienVault Unified Security Management (USM) can help. USM provides asset discovery, vulnerability assessment, threat detection (IDS), behavioral monitoring and SIEM in a single console.
USM can scan your network to identify assets with the FREAK
vulnerability, making it easy for you to identify systems that need to
be patched and prioritize remediation.
Not only can USM identify vulnerable systems, it can also help you
detect attempted exploits of the vulnerability. Within hours of the
discovery of the FREAK vulnerability, the AlienVault Labs team pushed updated correlation directives to the USM platform, enabling users to detect attackers attempting to exploit it.
USM also checks the IP information against the Open Threat Exchange
(OTX), the largest crowd-sourced threat intelligence exchange. In the
example below, you can see details from OTX on the reputation of an IP,
including any malicious activities associated with it.
Reviewed by Unknown on 4/02/2015