Information Technology Vocabulary Builder: Blended Threat
The Information Technology (IT) Vocabulary Builder series aims to deliver a very concise summary of a currently relevant topic to Information Professionals. It is done mostly by collecting a small number of highly relevant web links to save you the time of combing through search results yourself. It differs from sites such as Wikipedia because it includes opinions, forecasts, and detractions in addition to just facts.
Today’s term is “Blended Threat”. This is an information assurance and computer security term referring to when a party attempts to penetrate a network security boundary through the use of a combination of classic attacks instead of just a single threat vector.
Wikipedia provides this quote to get you started:
A blended threat is a software vulnerability that involves a combination of attacks against different vulnerabilities. For example, many worm, a trojan horse and a computer virus exploit multiple techniques to attack and propagate.
Symantec’s excellent security glossary defines them this way:
Blended threats combine the characteristics of viruses, worms, Trojan Horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage.
Blended Threats are the obvious future of information warfare, computer network defense, computer network attack, and computer network exploitation. The reason is simple. Our current generation of security tools – anti-virus software, firewalls, and access protocols – have matured to the point that the system level vulnerabilities are so hard to exploit in the wild that only a combination “punch” has the chance and time to get through. In many cases it is also easier to exploit a complex vulnerability as a series of small breaches that combined can cause true damage.
Other excellent sources of Blended Threat reading include:
- McAffe whitepaper on blended threats is a great read.
- Symantec’s security glossary has an extensive list of characteristics to review.
- Microsoft Security Bulletin MS09-015 – Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426). Provides a great case study of how one works.
- Microsoft Security Advisory (953818) – Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform. Another good example exploitation.
What do you think of Blended Threats? Do they have an impact? Do you have any stories, lessons learned, or best practices for mitigating them? Please share your thoughts.
That is my Information Technology Thought of the Day (ITTOD) for August 4, 2009 ©Scott Coughlin .
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.