Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to beat hackers exploiting the latest IE zero-day bug

Antone Gonsalves | April 29, 2014
Companies have several options for defending against a recently discovered zero-day vulnerability in Internet Explorer and experts say businesses should get started immediately.

The attackers discovered by FireEye take advantage of the fact that most people use PCs in administrator mode, which gives full access to the system. Once breaking into the system of such a user, the hackers proceed to move within a network looking for way to escalate the privileges to gain access to more data and systems.

As a best practice, companies should only provide administrative access to people who have a need for it in doing their job. Others, should be cutoff from functionality in a PC they don't need.

Some experts recommend segmenting the corporate network to confine people to specific areas, which would also contain the mischief of hackers.

"Any organization that has properly segmented their network will be at low risk to sensitive data being accessed as a result of a breach related to this attack," Brandon Hoffman, vice president of cybersecurity at RedSeal Networks, said in an emailed statement.

However, other experts say employees often find ways around those restrictions, which tend to poke holes in defenses that cybercriminals could exploit.

"You're just going to spend so much energy and time to implement that and enforce that and you're not paying attention to things that matter," Barrett said.

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.