BEAST stands for Browser Exploit Against SSL/TLS. The story of the BEAST attack of 2011 is a cautionary tale with a fairly happy ending. It’s worth knowing, in general terms if not in great detail, because it still highlights some useful points about IT security.
What is the BEAST Attack of 2011?
The BEAST attack of 2011 was undertaken by cybersecurity researchers Thai Duong and Juliano Rizzo. In a paper entitled “Here Come The Ninjas”, they explained how to conduct a Browser Exploit Against SSL/TLS (the technology used to create HTTPS-secured web pages).
Although it required a lot of effort and some very specific factors to come into alignment, Duong and Rizzo demonstrated that it was, at least theoretically, possible for a real-world attacker to impersonate a user during a browsing session.
How does BEAST Attack Works?
The background to the SSL BEAST attack
The vulnerability exploited by Duong and Rizzo had been discovered in 2002 (by Phillip Rogaway). It applied to all versions of beast attack SSL/TLS up to and including beast TLS 1.0 and was, theoretically, mitigated back in 2006 with the introduction of TLS 1.1.
The reason why the BEAST attack succeeded was that the fix had not been widely adopted, quite the opposite. All the main browsers of the day (Google Chrome, Internet Explorer on Microsoft Windows XP, Mozilla Firefox, and Safari up to and including Mac OS X 10.7) treated beast TLS 1.0 as the highest version of the beast SSL protocol.
The reason the fix had not been widely adopted was that the consensus was that no real-world hacker would ever go to the lengths needed to exploit it. Duong and Rizzo, however, demonstrated that exploiting the vulnerability was, actually, a whole lot easier than people had believed. This meant that, while real-world attacks using it were still highly unlikely, they were nowhere near as improbable as had been thought.
The aftermath of the BEAST attack
The legacy of the BEAST attack was that it highlighted the fact that even the tiniest leak insecurity can become a wide-open floodgate if you leave it unattended for long enough. It really brought home the importance of catching vulnerabilities at an early stage and making sure that the fixes for them are applied in practice rather than just in theory.
At least, it did to those involved with IT security. Sadly, it wasn’t enough to get the message out to everyone involved with IT, let alone the general public, hence the success of the WannaCry attack of 2017. Even today, cybercriminals routinely exploit vulnerabilities in outdated software.
Lessons to be learned - SSL BEAST Attack
Arguably the main lesson to take away from the BEAST attack of 2011 is that taking care of your security fundamentals can go a long way towards keeping your business safe online. In simple terms, you want to make yourself more hassle than you’re worth to the average cybercriminal. Here are a couple of tips.
Minimize your operating systems and software
Ideally, you want everyone to be using the same desktop operating system and the same mobile operating system. If this is not practical, for example, if you are not in a position to update mobile devices concurrently, then you want to keep them within a few iterations of each other. You also want to be in the very close vicinity of the current iteration of your chosen operating system. You certainly want to be using an operating system that is still receiving updates from its vendor/development community.
Minimizing your software is arguably even more important because each item of software is a potential attack vector. You, therefore, need to keep track of any issues relating to its security, apply patches quickly, and be prepared to replace it if it becomes too much of a risk. The more software you use, the more attack vectors you create, and the harder it is for you to keep track of each of them, even with the help of automated tools.
Invest in some basic security tools
SMBs may not have the budget to pay for all the security tools enterprise clients use, but, in reality, they probably don’t need them. They do need a robust anti-malware solution with an integrated firewall for their servers, local computers, and mobile devices. They also need a website vulnerability scanner for their website. Any decent option will have an anti-malware scanner and a web applications firewall. They may also want to sign up for a DDoS mitigation service.
There are other security tools even SMBs can potentially afford but think before you spend your hard-earned cash. It’s often better to have fewer tools and use them really well than to have a whole pile of tools you only partly understand.
cWatch - Protect Against BEAST Attack Exploit
Please click here now to have your website scanned, for free, by cWatch from Comodo.