The global and independent platform for the SAP community.

You are already vaccinated? And your computer?

With the summer, the summer flu season is also just around the corner and with it the vaccination discussion. We are also seeing a similar development in the IT sector.
Raimund Genes, Trend Micro
June 2, 2016
Security
avatar
This text has been automatically translated from German to English.

Infections (in the form of malware or "exploits") are also wreaking havoc in the IT sector. And here, too, there is an equivalent to vaccination in the form of applying patches.

As with real-life diseases, however, there are also "vaccination muffleers" in the IT world - with fatal consequences for themselves and others. Conficker (also known as Downup, Downadup, kido and Worm.Win32/Conficker) can be described as the "flu of IT".

The computer worm has been around since 2008. To do so, it uses a gap in Windows (MS08-067), with which it spreads via the network. Microsoft closed this gap very quickly for all affected operating systems and provided corresponding patches.

This should make Conficker history. Actually.

... but unfortunately this is not the case. On the contrary, we are by no means talking about "trifles" here.

The Conficker Working Group continues to track the infection landscape to this day: according to them, the number of infections is still in the two- to three-digit thousands, depending on how they are counted, even today, eight years later.

Eight (!) years in which the vaccine medicine, i.e. the patch, is already available! As with diseases, there are cases in the IT world that cannot or must not be addressed simply with patches (medicine).

Accordingly, however, the vaccination of the others is all the more important! After all, this reduces the risk of infection for unpatched (unvaccinated) systems above a certain threshold to practically zero.

Unfortunately, the number of unpatched systems is alarmingly high. This means that they represent gateways for attacks. In other words, Conficker turns these unpatched systems into a kind of "bridgehead" from which attackers can attack other systems within the infrastructure at their leisure.

And eight years after Conficker, that's bordering on intentional, to say the least - if not beyond ...

Unfortunately, this is not the only case that suggests widespread negligence in patching.

A more recent example is Stuxnet. While most associate it exclusively with attacks on industrial controllers, Stuxnet exploited a whole bouquet of vulnerabilities, including CVE-2010-2568 - a vulnerability that allows arbitrary code execution using shortcut files.

Although the coverage of Stuxnet was massive, this also shows that it does not necessarily lead to greater security awareness. Even today - "only" six years after Stuxnet - this gap is one of the primary attack weapons on the Internet.

Many exploit kits, e.g. the widely used "Angler Exploit Kit", still use this loophole today. This fact clearly shows that "enough" PCs can be infected even with these old exploits.

These two examples clearly show that there are unfortunately still (too) many "patch muffleurs". And the argument of lack of time really doesn't hold water after six and eight years, respectively... Unpatched systems not only pose a danger to themselves - they also endanger others by serving as a bridgehead.

Therefore, here's an appeal: Applying patches (in a timely manner) is more important today than ever. Please do it! Today there are hardly any reasons not to patch! Thanks to virtual shielding, for example, it is now possible to provide adequate protection for critical systems immediately. This means that while the patch is being tested in peace, you are safe from the attack for the time being.

After a successful test, the patch is installed via patch management and the virtual shield is removed. For systems that cannot be patched, virtual patching may even be a permanent measure.

This means that there is no longer any reason to operate (Internet-accessible!) systems with these gaps.

Ultimately, it is like the flu and measles. One hundred percent coverage is not even necessary - if a threshold value is not reached, de facto protection is statistically given for all.

Unfortunately, we are a long way from that, both in the case of diseases and in the IT world. And specious arguments unfortunately only help the disease or the "pathogens" here: the cybercriminals.

avatar
Raimund Genes, Trend Micro

Raimund Genes was CTO at Trend Micro.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.