Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

9/27/2018
02:30 PM
Matt Watchinski
Matt Watchinski
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

How to Keep Up Security in a Bug-Infested World

Good digital hygiene will lower your risk, and these six tips can help.

This past April saw a milestone: the 100,000th common vulnerability and exposure (CVE). Although we've hit a major mark in CVE identifiers, Cisco found that the total number of high-impact vulnerabilities is actually decreasing year over year. That means there are now fewer high-impact vulnerabilities with the potential to affect a large number of users than there were three years ago.

Unfortunately, this lower number is not all good news. As we have seen over the past year, it's easier than ever for bad actors to mass-exploit disclosed vulnerabilities by assuming that a large number of companies can't or don't keep up with patching cycles. The situation is made worse by the ready availability of exploits and tools that can be used for nefarious purposes. Anyone with an Internet connection has access to tools, such as penetration testers and videos that teach people how to tailor them for malicious intent. The sheer number of people wanting information about exploits has made that information a commodity, so it's never been easier to quickly write highly effective exploits.

Take, for example, EternalBlue. Soon after Microsoft issued a patch for an issue with the Windows SMB Server, Shadow Brokers released an exploit in April 2017. A month later, the world was hit by the WannaCry ransomware, which incorporated this exploit into its attack. If that wasn't enough, in June NotPetya was released on the world, which yet again used the same exploit. As everyone saw with the economic impact of WannaCry and the NotPetya, this quick leap to a weaponized exploit turned a possible threat into a real-world attack — fast. Millions of users could have avoided damage if they had applied the patch that Microsoft issued months earlier.

Given the accelerated maturation and deployment of these threats, any organization's first line of defense must include cultivating a solid understanding of where its assets are and a fast, automated way to patch them. Yet despite the growing awareness of the cyber threats that target them, it's easy to find organizations that still aren't taking these steps and aren't practicing the fundamental security basics that would help bolster needed resilience. Proactively embracing the following practices will help:

  • Take patching seriously. Develop, implement, and actively maintain a thorough system for applying patches across your network and IT infrastructure. As soon as vulnerabilities are announced, bad guys are working to exploit them. Reputable vendors are on top of vulnerabilities and regularly make patches available as quickly as possible. But patches won't be effective if they're not applied.
  • To do that, you need to identify everything that is on your network. Conduct a risk-focused evaluation of your existing hardware and software: rank products in terms of which ones create the most effective, essential value, and determine how much risk each product brings based on its age, vulnerabilities, and cyber resilience. With this information, you can then develop a prioritized list for updated technology investments with resilience built in.
  • If your line of business doesn't allow for ready patching, such as with certain medical, industrial or even Internet of Things applications, then segmentation is critical — essentially, creating a security fence around those systems.
  • Another area that many people talk about but often don't actually practice is two-factor authentication. This one simple move means the difference between being alerted to an adversary attempting malicious access and finding out after the attack has occurred. As social engineering continues be one of the most effective tools in an attacker's arsenal, two-factor authentication is critical.
  • Increase visibility across your entire infrastructure. Visibility is especially important for larger organizations (where legacy assets can linger for years) and those adopting shadow IT, where third- and even fourth-party involvement can introduce greatly increased layers of risk.
  • Develop policies and procedures for dealing with those threat postures at scale. Upgrade aging infrastructure and systems, patch quickly, and consistently back up your data. Employ strong password management to impede lateral movement and propagation.

Effectively managing risk requires hardening the overall strength and resilience of your deployed infrastructure and systems. Bad habits — such as not patching and keeping outdated solutions in place — put an organization's overall resilience into jeopardy, increasing risk. Practicing good digital hygiene, starting with and sticking to the fundamentals, will lower that risk.

Related Content:

 

Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Matt Watchinski is the vice president of Cisco Talos, the company's global threat intelligence group. With over 300 security researchers globally, Talos is the largest commercial threat intelligence group in the world. As leader of Talos, Watchinski is responsible for ongoing ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
washplant
50%
50%
washplant,
User Rank: Apprentice
11/19/2018 | 1:48:45 AM
Re: Pending Review
haha, thank you for sharing
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/22/2019
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark Reading,  8/22/2019
Capital One Breach: What Security Teams Can Do Now
Dr. Richard Gold, Head of Security Engineering at Digital Shadows,  8/23/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15540
PUBLISHED: 2019-08-25
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.
CVE-2019-15538
PUBLISHED: 2019-08-25
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a ...
CVE-2016-6154
PUBLISHED: 2019-08-23
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
CVE-2019-5594
PUBLISHED: 2019-08-23
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
CVE-2019-6695
PUBLISHED: 2019-08-23
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.