Blended Attacks
Now that we’ve discussed some techniques for identifying the protocol handlers for each operating system, we will demonstrate how protocol handlers have been used in blended attacks. Why are blended threats so effective? Typically, well-written, secure software is designed with certain threats in mind. These threats are normally defined during a threat model. Threat models are typically done in isolation, considering the consequences of direct attacks against the software being created. In an attempt to keep the threat model (and subsequent security effort) manageable, certain security assumptions are made and some threats are considered out of scope. For example, many threat models consider attacks in which the attacker already has the ability to write to the filesystem out of scope and ignore defenses against those attacks. This is where blended threats have the most impact. Blended threats take advantage of weaknesses in two (or more) different pieces of software to compromise or steal data from a victim’s system. Modern-day information systems are not homogeneous systems consisting of software from a single organization. Instead, systems are heterogeneous, consisting of software from various (many times, competing) publishers and organizations. This myriad software on our systems creates a web of interaction among numerous pieces of software that the attacker focuses on in blended attacks. Although blended attacks exist in many forms, the examples in the following ...