The top 5 applications you should blacklist

Nov. 10, 2016
Blacklisting should be used to target prohibited or high-risk apps

This year has been a busy one for cyber criminals. Reports indicate that there have been over 500 data breaches and more than 500 million records exposed in 2016 so far. This includes the disclosure of 427 million MySpace records, 68 million Dropbox User records and 117 million user emails and password details at LinkedIn. The healthcare, retail, technology, financial, and governmental sectors head the list of business areas that were the most targeted throughout the year.

Advanced Persistent Threats (APTs) are on the rise, while ransomware and targeted phishing attacks are being used for financial blackmail and to gain access to, or leak, sensitive and confidential information. No one is excluded from these threats, and no company or individual is too small to be a target.

To put things in perspective, 75 percent of small businesses were the target of a cyber-attack, and because their cyber security defenses are typically lacking, steps must be taken to protect data and reduce the risk of an attack.

Systems are an easy target for attackers because they often run legacy operating systems and applications, and security updates may not be applied for fear of breaking those legacy systems. Compliance requirements and the complexity of the systems make security a larger task, so it has typically been given lower priority. Companies will remain vulnerable to cyber-attacks and data disclosures until they implement stronger measures to protect against, detect and respond to these threats.

A major concern is the ever growing complexity of patching systems and applications. Patch management is hugely important because it can mitigate more than 80 percent of cyber threats, leaving only those nasty zero days to deal with. The number of vulnerabilities grows each year, and of the vulnerabilities exploited in 2015, 99.9 percent had a CVE (Common Vulnerabilities and Exposures) entry published.

Companies globally use a mass of applications to make their business function, choosing from millions of applications that help with accessing email, browsing the internet, playing video and audio, performing calculations, running simulations and many other business functions. Many of these applications are very widely used, and some companies become heavily dependent on them to keep their business running. Applications do and will have vulnerabilities, however, and those vulnerabilities leave companies exposed to hackers and cyber criminals who exploit them to gain access to the systems running those applications.

Each year many CVEs are posted to the National Vulnerability Database, which alerts companies that use these applications and informs them of the mitigation controls that reduce the risk of using them. Some applications, however, pose a much greater risk, and unless the systems running them are locked down significantly, the only remaining options are to blacklist them or remove them completely. Let’s take a look at some of those applications.

#1 Apple QuickTime for Windows

Apple QuickTime is a multimedia framework used for handling various digital video formats and was available for both Mac OS and Windows. The Windows version was also bundled with some versions of iTunes, and many applications that required QuickTime to play digital content provided download links to make it easy for someone to install it quickly.

This year Apple discontinued support for QuickTime on Windows, leaving several severe security vulnerabilities that a hacker could exploit to take full control of your computer. QuickTime is no longer being updated, so these security flaws and any newly discovered vulnerabilities are unlikely to be fixed. QuickTime for Windows is effectively dead and should no longer be used.

This application should immediately be blacklisted and removed from all systems.

#2 Adobe Flash Player

Adobe Flash Player, formerly known as "Macromedia Flash" or "Shockwave", is a multimedia application that helps enrich the experience when browsing the Internet and allows streaming of video and audio. It is also used in some desktop applications, mobile applications and games.

However, for many years Flash has had a very poor security record, with over 400 CVEs published against it. Hackers and cyber criminals have been exploiting it for years, as it can enable them to listen to your conversations and use your web camera to watch you in your office or home. Many web browsers have removed support for Flash and block it from running; however, many companies and consumers are still using older web browsers that still allow Flash to run.

It is highly recommended to use the latest versions of web browsers (Microsoft Edge, IE, Firefox or Chrome) and to blacklist Adobe Flash or remove it from your system.

#3 Apple iTunes for Windows

Apple iTunes is a media player, media library and mobile device management application developed by Apple to organize and manage the company's mobile devices and digital media. It is almost impossible to use an Apple device without iTunes. However, if you are a Windows user with an Apple device, using iTunes on Windows is a major security risk. Apple iTunes has had more than 100 CVEs published and is consistently in the top 10 most vulnerable applications each year. It is also well known that Apple users do not keep iTunes updated to the latest versions, which typically include many security fixes, and an outdated version may also be bundled with Apple QuickTime, listed above as the top security risk with many existing exploits.

With iTunes posing a major security risk for many organizations and due to many old and legacy versions containing known and exploitable vulnerabilities, it is recommended to blacklist Apple iTunes for Windows or remove this from your systems.

#4 Old and Legacy Versions of Oracle Java

Java, developed by Sun Microsystems and later acquired by Oracle, is used for developing cross-platform software for playing games, communicating with people, running online apps and viewing images, among many other things, and is found on almost all websites and internet applications. It is well known for its security vulnerabilities and existing exploits and is consistently listed in the top 10 most vulnerable applications each year. Java is updated frequently; however, it has many zero day vulnerabilities that hackers look to exploit in order to take control of your systems. Oracle states that 97 percent of enterprise desktops run Java and that there are more than nine million Java developers worldwide. In addition, three billion mobile phones run Java, while another 125 million TV devices also use the software. The major problem is the frequent patching and updating of Java required to stay secure. Many browsers today stop you from running older versions of Java, which helps limit the exposure. To mitigate this risk further, however, it is recommended that you blacklist all old and highly vulnerable versions of Java, or remove Java from systems that do not require it for business operations.

#5 Microsoft Office 2007

Microsoft Office 2007 is about to reach the official end of extended support in October 2017, and mainstream support already ended in 2012, so end of life is coming for Office 2007. If you are still using Office 2007, do not expect any further security updates, even though it is a common target for hackers and cyber criminals looking for exploits because of its widespread use across organizations and consumers. Microsoft frequently provides critical security updates, so it is always important to stay patched and up to date with the latest versions, and the approaching end of life makes moving away from Office 2007 more critical now than ever. Office 2007 also has very poor security, privacy, auditing and sharing features, so while hackers target it, it also does not provide enough protection for the data created with it.

If you are using Microsoft Office 2007 it is recommended to upgrade to the latest version, blacklist these older versions and remove them from your systems.

Take Action Now to Minimize Your Risks

It is hugely important that companies take a proactive approach to blacklisting and removing high-risk applications and applications that have reached end of life; these should be removed because they no longer receive critical security updates for newly discovered security flaws, and hackers and cyber criminals commonly target those flaws.

Blacklisting is a method of preventing specified applications from being installed or run, denying them access to the system. Blacklisting should be used to target prohibited applications or applications that pose a significantly high security risk to companies, like the applications listed above.

Blacklisting applications should be used in conjunction with application whitelisting and application graylisting or dynamic listing.

There are a variety of tools that can help you control which applications are permitted to run in an environment and how, with the flexibility to combine whitelisting, blacklisting and graylisting (dynamic listing) of applications.
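Before any of those tools can block the five applications above, you need to know where they are installed. The following PowerShell inventory check is an added example, not code from the original article or from any vendor: it reads the Windows Uninstall registry keys (assumed to be run as an administrator) and flags entries matching the applications discussed above; the Java version threshold and the name patterns are assumptions to adjust for your environment.

```powershell
# Added example: inventory the high-risk applications discussed above from the
# Windows Uninstall registry keys. Run as administrator for a complete listing.
$paths = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# One rule per application from the article. DisplayName patterns are assumptions
# based on common product names; MinVersion (Java only) is an assumed threshold:
# anything older than Java 8 is flagged as legacy.
$rules = @(
  @{ Name = 'Apple QuickTime for Windows'; Pattern = '^QuickTime';           AlwaysFlag = $true },
  @{ Name = 'Adobe Flash Player';          Pattern = '^Adobe Flash Player';  AlwaysFlag = $true },
  @{ Name = 'Apple iTunes for Windows';    Pattern = '^iTunes';              AlwaysFlag = $true },
  @{ Name = 'Oracle Java (legacy)';        Pattern = '^Java(\(TM\))? \d';    MinVersion = [version]'8.0' },
  @{ Name = 'Microsoft Office 2007';       Pattern = '^Microsoft Office .*2007'; AlwaysFlag = $true }
)

$findings = foreach ($entry in Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue) {
  if (-not $entry.DisplayName) { continue }   # skip keys with no product name
  foreach ($rule in $rules) {
    if ($entry.DisplayName -notmatch $rule.Pattern) { continue }

    # Parse DisplayVersion where present (e.g. Java 7 Update 79 reports 7.0.790).
    $ver = $null
    [void][version]::TryParse($entry.DisplayVersion, [ref]$ver)

    # Flag unconditionally, or only when the installed version is below the threshold.
    $flag = $rule.AlwaysFlag -or ($ver -and $ver -lt $rule.MinVersion)
    if ($flag) {
      [pscustomobject]@{
        Category    = $rule.Name
        DisplayName = $entry.DisplayName
        Version     = $entry.DisplayVersion
        Uninstall   = $entry.UninstallString   # hand this to your removal tooling
      }
    }
  }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No blacklisted applications found.' }
```

The output is a starting point for removal and for the deny rules you configure in whatever application control tool you use; it covers per-machine installs only, so per-user installs under HKCU need the same check.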

Be sure to stay safe out there and be cautious about the applications you let into your digital world, and take the right measures to do so.

About the Author: Joe Carson is a cyber security professional with more than 20 years’ experience in enterprise security & infrastructure. Currently, Carson is the Head of Global Strategic Alliances at Thycotic. He is an active member of the cyber security community and a Certified Information Systems Security Professional (CISSP).

About the Author

Joseph Carson | Chief Security Scientist & Advisory CISO at Delinea.

Joseph Carson is a cybersecurity professional with more than 25 years’ experience in enterprise security and infrastructure. Currently, Carson is the Chief Security Scientist & Advisory CISO at Delinea. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is also a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.