Security Boulevard (Original)

The True Danger for Organizations: Unpatched Vulnerabilities

It is no secret that 2021 saw an increase in cyberattacks all around the globe, specifically in critical infrastructure organizations. In October of that year, the U.S. Cybersecurity and Infrastructure Security Agency issued Alert AA21-287 in response to cyberattacks targeting the financial, gas, food and transportation sectors. The advisory was released to draw attention to infrastructure vulnerability and the facilities being targeted by hostile cyber activity. It seems that every year, new software comes out that should limit the number of ransomware attacks, but every year attacks seem to increase. Why is that?

Cyberattack groups succeed when they are one step ahead, and they know they have to evolve their tactics going into a new year. In fact, Check Point Research reported that cyberattacks have recently increased 50% year-over-year. In 2022, ransomware methods and cyberattack techniques, in general, continue to change, demonstrating actors’ growing technological sophistication and the growing threat to enterprises around the world. But there is one way, in particular, they keep getting in—by exploiting system vulnerabilities. 

How Attackers Exploit Vulnerabilities

A study from Ponemon Institute showed 60% of cyberattack victims were breached due to an unpatched vulnerability. The study showed that at a time when known security flaws are the primary cause of data breaches, most businesses are relying on technologies and practices that aren’t up to par. Unless organizations close those weaknesses before they become public knowledge, the hazards they pose become impossible to measure or control.

While updating systems can take a few hours, previous breaches have proven that failing to patch systems with the most recent security upgrades can be more costly. 

Learning From the News

In February 2022, the Cybersecurity and Infrastructure Security Agency (CISA) released two alerts that had enterprises and government infrastructures reevaluating their cybersecurity protocols. One alert stated that, from January 2020 through February 2022, the FBI, the National Security Agency (NSA) and CISA all saw Russian state-sponsored cyberattacks on U.S. cleared defense contractors (CDCs). Simple passwords, unpatched systems and unwitting personnel were all taken advantage of by the attackers to obtain initial access before advancing across the CDC network to establish persistence and exfiltrate data. The information obtained provided valuable insight into the development and deployment schedules for U.S. weapons platforms, vehicle specifications and plans for communications infrastructure and information technology.

The other CISA alert reported that cybersecurity authorities in the United States, Australia and the United Kingdom observed a surge in high-impact ransomware attacks on critical infrastructure firms around the world in 2021. Additionally, the FBI, CISA and NSA discovered ransomware incidents across 14 of the 16 key infrastructure sectors in the United States, including the defense industrial base, emergency services, food and agriculture, government facilities and information technology.

The CISA alerts showed that spear phishing, credential harvesting, brute force/password spray techniques and known vulnerability exploitation against accounts and networks with weak security have all been employed by Russian state-sponsored cyberattackers in the past to obtain access to target networks. Simple passwords, unpatched systems and unsuspecting personnel are used by these actors to obtain initial access before moving laterally through the network to create persistence and exfiltrate data. The alerts also indicated that Russian state-sponsored attacks will rise due to the ongoing conflict in Ukraine.

Assessing Vulnerabilities Based on Weaponization; Prioritizing Based on Risk Levels

To become aware of vulnerabilities, organizations need to invest in discovering and maintaining their attack surface. An attack surface is the summation of all points of entry that an attacker could breach. Tools such as vulnerability scanners, application and event monitoring systems and patch management systems, among others, are helpful ways to manage your attack surface. Once your organization is aware of its vulnerabilities, where do you start patching? For an effective patching strategy, vulnerabilities should be prioritized. That can be done through risk scoring.

The Importance of Risk Scoring

By calculating the risk for each group inside your business, your team will be able to create a workflow engine that allows collaboration between your security and IT operations teams, expediting remediation processes and drastically reducing time-to-remediation.
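The two sections above describe prioritizing patches by weaponization and by a risk score rather than by CVSS alone. The following is an added example, not code from the article or from Cyber Security Works: it scores a constructed list of findings with an assumed weighting (CVSS base score scaled by whether a public exploit exists, whether exploitation has been observed in the wild, whether the asset is internet-facing, and an owner-assigned asset criticality), orders the remediation queue, maps each score to an assumed SLA tier, and rolls the results up per business group so security and IT operations teams can work from one list. The finding identifiers, asset names, multipliers and SLA tiers are all placeholders.

```python
"""Risk-based patch prioritization (added example; assumed scoring scheme, not CSW's)."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    id: str                 # placeholder identifier, not a real CVE number
    asset: str              # constructed asset name
    owner: str              # business group responsible for the asset
    cvss_base: float        # CVSS base score, 0.0 to 10.0
    weaponized: bool        # public exploit code is available
    exploited_in_wild: bool  # exploitation has been observed by threat intel
    internet_facing: bool   # asset is reachable from the internet
    asset_criticality: int  # 1 (low) .. 3 (high), set by the asset owner


# Assumed multipliers; an organization would tune these to its own risk appetite.
EXPLOITED_IN_WILD_FACTOR = 2.0
WEAPONIZED_FACTOR = 1.5
INTERNET_FACING_FACTOR = 1.5
CRITICALITY_FACTOR = {1: 0.5, 2: 1.0, 3: 1.5}


def risk_score(f: Finding) -> float:
    """Scale the CVSS base score by weaponization, exposure and asset criticality."""
    if not 0.0 <= f.cvss_base <= 10.0:
        raise ValueError(f"CVSS base score out of range: {f.cvss_base}")
    if f.asset_criticality not in CRITICALITY_FACTOR:
        raise ValueError(f"asset criticality must be 1..3: {f.asset_criticality}")
    score = f.cvss_base
    # In-the-wild exploitation outranks mere availability of exploit code.
    if f.exploited_in_wild:
        score *= EXPLOITED_IN_WILD_FACTOR
    elif f.weaponized:
        score *= WEAPONIZED_FACTOR
    if f.internet_facing:
        score *= INTERNET_FACING_FACTOR
    return score * CRITICALITY_FACTOR[f.asset_criticality]


def sla_days(score: float) -> int:
    """Assumed remediation SLA tiers keyed on the computed risk score."""
    if score >= 30.0:
        return 7
    if score >= 12.0:
        return 30
    return 90


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Return the remediation queue, highest risk first."""
    return sorted(findings, key=risk_score, reverse=True)


def risk_by_group(findings: List[Finding]) -> Dict[str, float]:
    """Highest risk score per business group, for the shared remediation workflow."""
    worst: Dict[str, float] = {}
    for f in findings:
        worst[f.owner] = max(worst.get(f.owner, 0.0), risk_score(f))
    return worst


# Constructed sample findings; values are illustrative only.
SAMPLE_FINDINGS = [
    Finding("FIND-001", "web-gw-01", "ops", 9.8, True, True, True, 3),
    Finding("FIND-002", "hr-db-02", "hr", 9.1, False, False, False, 3),
    Finding("FIND-003", "kiosk-07", "facilities", 7.5, True, False, True, 1),
    Finding("FIND-004", "build-srv-03", "eng", 6.5, True, True, False, 2),
    Finding("FIND-005", "laptop-fleet", "it", 5.3, False, False, False, 2),
]


if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        s = risk_score(f)
        print(f"{f.id} {f.asset:<14} owner={f.owner:<10} cvss={f.cvss_base:<4} "
              f"risk={s:6.2f} sla={sla_days(s)}d")
    print("worst per group:", risk_by_group(SAMPLE_FINDINGS))
```

Run as a script to see the queue: FIND-004, a medium-severity flaw that is being exploited in the wild, lands above FIND-003, a higher-CVSS flaw on a low-value kiosk, which is the reordering that sorting by CVSS alone would never produce. The per-group rollup is what lets each owning team see its own worst exposure without reading the whole list.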

It’s important to understand that shifting away from traditional approaches will take time, resources and cooperation across information systems and the business. However, scenarios from the past two years and ongoing attacks during the Ukraine/Russia conflict have shown us that doing so, in the end, will provide a significant return on investment. 

Aaron Sandeen

Aaron Sandeen is the CEO and co-founder of Cyber Security Works (CSW), a DHS-sponsored company focused on helping leaders proactively increase their resilience against ever-evolving security threats on-prem and in the cloud. Aaron leads CSW in providing intelligent and actionable security insights at every layer of company operations.
