When it comes to malware we usually think of workstations and laptops because they are the systems rubbing shoulders with the unwashed masses on the Internet. They are the systems in the hands of clueless end-users (aka “losers” by some of my less reverent colleagues). They are the systems running applications that download, parse and process file formats targeted by attackers such as Office documents, PDFs and image files.
Conventional wisdom says on the other hand that servers are much more isolated from the Internet. Also, servers are in the hands of security-conscious IT pros who refrain from dangerous activities like web browsing, file downloads or opening email. Even that servers don’t have dangerous applications like Office, Adobe Reader, Flash and other workstation applications installed.
But conventional wisdom isn’t accurate. Download this presentation to learn the 4 reasons for why Randy Franklin Smith from UltimateWindowsSecurity says that:
My own findings in recent IT audit engagements
A recent study about DNSChanger
An underground service that sells RDP access to Fortune 500 computers
The infamous lab system
Bot herders love servers because of their high computing power, connectivity and long term availability.
Attackers running APT attacks typically target workstations initially but then attempt to move horizontally through the network from one user and/or system to another until they reach their end target: usually a sensitive information cache on some a server. This is true in highly publicized attacks like the one awhile back on RSA SecurID and more recently with Adobe’s code signing server.
Learn how how application control is an important defense-in-depth measure that can provide detection and prevention of late-stage APT attacks. Lumension will talk briefly how their endpoint security suite addresses these risks.