Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

9/27/2018
02:30 PM
Matt Watchinski
Matt Watchinski
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

How to Keep Up Security in a Bug-Infested World

Good digital hygiene will lower your risk, and these six tips can help.

This past April saw a milestone: the 100,000th common vulnerability and exposure (CVE). Although we've hit a major mark in CVE identifiers, Cisco found that the total number of high-impact vulnerabilities is actually decreasing year over year. That means there are now fewer high-impact vulnerabilities with the potential to affect a large number of users than there were three years ago.

Unfortunately, this lower number is not all good news. As we have seen over the past year, it's easier than ever for bad actors to mass-exploit disclosed vulnerabilities by assuming that a large number of companies can't or don't keep up with patching cycles. The situation is made worse by the ready availability of exploits and tools that can be used for nefarious purposes. Anyone with an Internet connection has access to tools, such as penetration testers and videos that teach people how to tailor them for malicious intent. The sheer number of people wanting information about exploits has made that information a commodity, so it's never been easier to quickly write highly effective exploits.

Take, for example, EternalBlue. Soon after Microsoft issued a patch for an issue with the Windows SMB Server, Shadow Brokers released an exploit in April 2017. A month later, the world was hit by the WannaCry ransomware, which incorporated this exploit into its attack. If that wasn't enough, in June NotPetya was released on the world, which yet again used the same exploit. As everyone saw with the economic impact of WannaCry and the NotPetya, this quick leap to a weaponized exploit turned a possible threat into a real-world attack — fast. Millions of users could have avoided damage if they had applied the patch that Microsoft issued months earlier.

Given the accelerated maturation and deployment of these threats, any organization's first line of defense must include cultivating a solid understanding of where its assets are and a fast, automated way to patch them. Yet despite the growing awareness of the cyber threats that target them, it's easy to find organizations that still aren't taking these steps and aren't practicing the fundamental security basics that would help bolster needed resilience. Proactively embracing the following practices will help:

  • Take patching seriously. Develop, implement, and actively maintain a thorough system for applying patches across your network and IT infrastructure. As soon as vulnerabilities are announced, bad guys are working to exploit them. Reputable vendors are on top of vulnerabilities and regularly make patches available as quickly as possible. But patches won't be effective if they're not applied.
  • To do that, you need to identify everything that is on your network. Conduct a risk-focused evaluation of your existing hardware and software: rank products in terms of which ones create the most effective, essential value, and determine how much risk each product brings based on its age, vulnerabilities, and cyber resilience. With this information, you can then develop a prioritized list for updated technology investments with resilience built in.
  • If your line of business doesn't allow for ready patching, such as with certain medical, industrial or even Internet of Things applications, then segmentation is critical — essentially, creating a security fence around those systems.
  • Another area that many people talk about but often don't actually practice is two-factor authentication. This one simple move means the difference between being alerted to an adversary attempting malicious access and finding out after the attack has occurred. As social engineering continues be one of the most effective tools in an attacker's arsenal, two-factor authentication is critical.
  • Increase visibility across your entire infrastructure. Visibility is especially important for larger organizations (where legacy assets can linger for years) and those adopting shadow IT, where third- and even fourth-party involvement can introduce greatly increased layers of risk.
  • Develop policies and procedures for dealing with those threat postures at scale. Upgrade aging infrastructure and systems, patch quickly, and consistently back up your data. Employ strong password management to impede lateral movement and propagation.

Effectively managing risk requires hardening the overall strength and resilience of your deployed infrastructure and systems. Bad habits — such as not patching and keeping outdated solutions in place — put an organization's overall resilience into jeopardy, increasing risk. Practicing good digital hygiene, starting with and sticking to the fundamentals, will lower that risk.

Related Content:

 

Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Matt Watchinski is the vice president of Cisco Talos, the company's global threat intelligence group. With over 300 security researchers globally, Talos is the largest commercial threat intelligence group in the world. As leader of Talos, Watchinski is responsible for ongoing ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
washplant
50%
50%
washplant,
User Rank: Apprentice
11/19/2018 | 1:48:45 AM
Re: Pending Review
haha, thank you for sharing
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-2729
PUBLISHED: 2019-06-19
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise ...
CVE-2019-3737
PUBLISHED: 2019-06-19
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
CVE-2019-3787
PUBLISHED: 2019-06-19
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending ?unknown.org? to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to ...
CVE-2019-12900
PUBLISHED: 2019-06-19
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2019-12893
PUBLISHED: 2019-06-19
Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868.