Websense announced earlier in the year that Microsoft Error Reporting is sending sensitive information in cleartext format. It has now correlated the data from these Dr. Watson reports to uncover a new APT campaign using a 0-day exploit.
The issue with the original finding was that intercepted data can be used to create a blueprint of the target's hardware and software network, which can then increase the success rate of tailored attacks.
Websense security research director, Alex Watson, was the primary researcher in both of these discoveries.
What stood out for Watson is how little knowledge there is, even within the security community, around the types of content in these reports, as well as the risk to organisations.
"We released some source code on our web site that allows organisations to look at this themselves," he said.
"They can also deep dive into the types of content and see what causes these types of reports to be sent."
Change in methods
Watson said the exploit and APT campaign were discovered through the research Websense was doing into attacks that made it past organisations' defences.
"Looking at the public disclosures of the breaches that have happened over the last 12 months, in each of these cases the attackers were there on the network for a long time before they were discovered," he said.
As for why this situation has developed, Watson said hackers have "evolved their techniques" to overcome modern security systems.
Since the attack vector has changed, Watson adds the security industry should evolve its approach as well.
"It needs to move away from signature-based defences and include intelligence around anomalies and changes in network behaviour."