Invincea delivers an enterprise grade breach prevention platform. Capabilities they field include an ability to run software in a totally virtualized environment so key applications function as normal from the perspective of users but enable the enterprise to isolate any malicious activity. They deliver a virtualization solution for your web browser that keeps the browser in its own virtual environment separate from the desktop operating system to protect users against all types of malware threats. This solution also works for PDF readers, the Microsoft Office suite, .zip and .exe as well. In all cases the user gets seamless functionality, and the enterprise gets protection from breach.
We have written about Invincea before, and recently hosted Invincea CEO Anup Ghosh for a podcast (listen online here).
There has been quite a bit of news on Invincea lately. Much of this is because of their deep bench of technical talent and the ability of their solutions to stop zero-day attacks. They mitigate the threat of spear-phishing, enhance endpoint security significantly, and stop malicious code from websites from infecting your enterprise. Since all of those are required by enterprises to mitigate threats this all contributes to the buzz around this great capability.
My recommendation for any security professional is to take the demo at the Invincea website.
I’d also like to spell out a few items from a recent case and some capabilities of Invincea to underscore how significant a solution Invincea provides.
- On Wednesday 1 May Invincea reported that a Department of Labor website was compromised to re-direct visitors to a website that executed a driveby download of an exploit for IE8. This was a sophisticated, never before seen attack (a zero-day attack). Upon other analysis, it was determined that the attack was designed to target department of energy employees and their department of labor representatives dealing with nuclear related illnesses linked to department fo energy activities. Many indicators in the attack point to the Chinese DeepPanda previously analyzed and written about by Crowdstrike.
- Invincea worked with a broad collective of security practitioners to help mitigate these problems, including helping Microsoft understand the nature of this vulnerability (they will fix it, eventually).
Invincea users are protected from this sort of threat as well as other zero-day exploits. For non-Invincea users, there are no known mitigations for this exploit. For users of IE8, there is no patch currently available and with this exploit being out in the wild, the potential risk for damage is high. If you are not using Invincea, the prudent thing is to switch to an alternate browser such as Mozilla Firefox or Google Chrome, if possible, until an official patch has been released by Microsoft. Or better yet, get Invincea so you are protected against this and future zero-day exploits.
On Wednesday May 1st, Invincea reported that the Dept of Labor website was compromised to re-direct visitors to a website that in turn executed a driveby download exploit of IE8 in order to install the Poison Ivy backdoor Trojan. Our initial reporting and those of other researchers believed that a known vulnerability (CVE-2012-4792) in IE8 was being exploited by this malicious website.
Since this initial reporting, a number of developments have emerged that we summarize in this Part 2 blog. First, the web pages that were compromised on the DoL site are intended for Dept of Energy employees (and their DoL representatives) in dealing with nuclear-related illnesses linked to Dept of Energy facilities and the toxicity levels at each location as reported here. As such the this compromise is now widely believed to be a watering hole attack that involves compromising one Federal Dept (DoL) to target another (DoE). Furthermore, AlienVault is reporting that the C&C protocol involved with this attack matches that of Chinese APT DeepPanda that has been previously analyzed by Crowdstrike.
Invincea has been notified that Microsoft is aware of this vulnerability and is currently investigating. Fortunately, Invincea users are protected from this threat as well as other zero-day exploits. For non-Invincea users, there are no known mitigations for this exploit that is currently in the wild. For users of IE8, there is no patch currently available and with this exploit being out in the wild, the potential risk for damage is high. If you are not using Invincea, we advise switching to an alternate browser such as Mozilla Firefox or Google Chrome, if possible, until an official patch has been released by Microsoft. Or better yet, get Invincea so you are protected against this and future zero-day exploits. We also performed some limited testing with IE6 and IE7 on the XP platform and the specific exploit code seen in this attack does not appear to affect those browser versions. There are also reports that this vulnerability may affect IE8 on the Windows 7 platform, however Invincea cannot confirm those reports at this time.