Vulnerabilities / Threats

9/27/2018
02:30 PM
Matt Watchinski
Matt Watchinski
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

How to Keep Up Security in a Bug-Infested World

Good digital hygiene will lower your risk, and these six tips can help.

This past April saw a milestone: the 100,000th common vulnerability and exposure (CVE). Although we've hit a major mark in CVE identifiers, Cisco found that the total number of high-impact vulnerabilities is actually decreasing year over year. That means there are now fewer high-impact vulnerabilities with the potential to affect a large number of users than there were three years ago.

Unfortunately, this lower number is not all good news. As we have seen over the past year, it's easier than ever for bad actors to mass-exploit disclosed vulnerabilities by assuming that a large number of companies can't or don't keep up with patching cycles. The situation is made worse by the ready availability of exploits and tools that can be used for nefarious purposes. Anyone with an Internet connection has access to tools, such as penetration testers and videos that teach people how to tailor them for malicious intent. The sheer number of people wanting information about exploits has made that information a commodity, so it's never been easier to quickly write highly effective exploits.

Take, for example, EternalBlue. Soon after Microsoft issued a patch for an issue with the Windows SMB Server, Shadow Brokers released an exploit in April 2017. A month later, the world was hit by the WannaCry ransomware, which incorporated this exploit into its attack. If that wasn't enough, in June NotPetya was released on the world, which yet again used the same exploit. As everyone saw with the economic impact of WannaCry and the NotPetya, this quick leap to a weaponized exploit turned a possible threat into a real-world attack — fast. Millions of users could have avoided damage if they had applied the patch that Microsoft issued months earlier.

Given the accelerated maturation and deployment of these threats, any organization's first line of defense must include cultivating a solid understanding of where its assets are and a fast, automated way to patch them. Yet despite the growing awareness of the cyber threats that target them, it's easy to find organizations that still aren't taking these steps and aren't practicing the fundamental security basics that would help bolster needed resilience. Proactively embracing the following practices will help:

  • Take patching seriously. Develop, implement, and actively maintain a thorough system for applying patches across your network and IT infrastructure. As soon as vulnerabilities are announced, bad guys are working to exploit them. Reputable vendors are on top of vulnerabilities and regularly make patches available as quickly as possible. But patches won't be effective if they're not applied.
  • To do that, you need to identify everything that is on your network. Conduct a risk-focused evaluation of your existing hardware and software: rank products in terms of which ones create the most effective, essential value, and determine how much risk each product brings based on its age, vulnerabilities, and cyber resilience. With this information, you can then develop a prioritized list for updated technology investments with resilience built in.
  • If your line of business doesn't allow for ready patching, such as with certain medical, industrial or even Internet of Things applications, then segmentation is critical — essentially, creating a security fence around those systems.
  • Another area that many people talk about but often don't actually practice is two-factor authentication. This one simple move means the difference between being alerted to an adversary attempting malicious access and finding out after the attack has occurred. As social engineering continues be one of the most effective tools in an attacker's arsenal, two-factor authentication is critical.
  • Increase visibility across your entire infrastructure. Visibility is especially important for larger organizations (where legacy assets can linger for years) and those adopting shadow IT, where third- and even fourth-party involvement can introduce greatly increased layers of risk.
  • Develop policies and procedures for dealing with those threat postures at scale. Upgrade aging infrastructure and systems, patch quickly, and consistently back up your data. Employ strong password management to impede lateral movement and propagation.

Effectively managing risk requires hardening the overall strength and resilience of your deployed infrastructure and systems. Bad habits — such as not patching and keeping outdated solutions in place — put an organization's overall resilience into jeopardy, increasing risk. Practicing good digital hygiene, starting with and sticking to the fundamentals, will lower that risk.

Related Content:

 

Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Matt Watchinski is the vice president of Cisco Talos, the company's global threat intelligence group. With over 300 security researchers globally, Talos is the largest commercial threat intelligence group in the world. As leader of Talos, Watchinski is responsible for ongoing ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
washplant
50%
50%
washplant,
User Rank: Apprentice
11/19/2018 | 1:48:45 AM
Re: Pending Review
haha, thank you for sharing
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
[Sponsored Content] The State of Encryption and How to Improve It
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19790
PUBLISHED: 2018-12-18
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...
CVE-2018-19829
PUBLISHED: 2018-12-18
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVE-2018-16884
PUBLISHED: 2018-12-18
A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause a host kernel memory corruption and a system ...
CVE-2018-17777
PUBLISHED: 2018-12-18
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have acc...
CVE-2018-18921
PUBLISHED: 2018-12-18
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.