No IT leader wants to tell the C-suite about a serious breach that took advantage of a known infrastructure vulnerability.
Hackers develop new attack strategies so often that it’s easy to forget a fundamental truth about cybersecurity: hackers don’t have to rely on finding new vulnerabilities. Because organizations fail to promptly address the rapidly growing number of known vulnerabilities, attackers can successfully breach their targets’ defenses using well-understood exploits.
For example, Log4j, exposed in December 2021, is a flaw in a ubiquitous open-source framework that could enable attackers to take complete control of a server. Although it is now more than a year old, hackers are still attempting to exploit it. A study from Tenable found that as of October 2022, 72% of organizations remained vulnerable to Log4j [1], and in November, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported that an Iranian-sponsored group compromised a federal network in an attack that leveraged Log4j [2].
It’s disturbing that such a dangerous, highly publicized vulnerability would remain unpatched in most environments for nearly a year after its discovery. And the Log4j example is just the tip of the iceberg. CISA began compiling its Known Exploited Vulnerabilities (KEV) catalog in November 2021. As of February 2023, the number of vulnerabilities in the catalog was approaching 900.
Bad actors are champing at the bit to exploit these vulnerabilities to steal data, launch ransomware attacks, and wreak havoc. For example, the Conti Group is a Russian organization that launches devastating ransomware attacks based on a franchise model. The damage they’ve caused is so devastating that one nation, Costa Rica, declared a national emergency last year [3]. And Conti leverages dozens of known vulnerabilities listed in the CISA KEV catalog to do its malicious work.
With so many vulnerabilities identified in the last two years, no organization can keep up using manual systems, especially given the vast complexity of modern IT infrastructures. Missing a single patch on a single server could create an attack opening.
Prevention practices should include the deployment of an automated platform to identify, report on, and patch vulnerable systems. Reputable third-party services can further enhance your defenses by continuously searching for and patching the latest vulnerabilities.
IT teams also need to understand the state of their infrastructure to enable continuous compliance. Most organizations do not know which of their endpoints, for example, are on the latest patch for their standard operating system, much less other software applications.
HCL’s answer to cybercrime
BigFix CyberFOCUS Analytics is a new capability designed to help IT Operations teams discover, prioritize, and patch critical vulnerabilities and reduce cybersecurity risk in real time. Unlike siloed processes based on disparate teams and tools, BigFix delivers a single, integrated solution that eliminates the inefficiencies of passing data from multiple tools to the different teams responsible for enterprise security.
BigFix CyberFOCUS Analytics is included with BigFix Lifecycle, BigFix Compliance, and BigFix Remediate. By leveraging endpoint information that only BigFix knows, BigFix CyberFOCUS Analytics provides the ability to simulate vulnerability remediations, to define and manage Protection Level Agreements (PLAs), and to analyze CISA Known Exploited Vulnerability exposures.
With proper planning and preparation, IT leaders can sleep a bit easier knowing that their environment can repel attacks that exploit known vulnerabilities. And with their defenses in place, they can react quickly should an attack get through.
Be ready before an attack occurs. Learn more at https://www.hcltechsw.com/bigfix/products/cyberfocus
[1] Tenable. Tenable Research Finds 72% of Organizations Remain Vulnerable to “Nightmare” Log4j Vulnerability. 30 November 2022. https://www.tenable.com/press-releases/tenable-research-finds-72-of-organizations-remain-vulnerable-to-nightmare-log4j. Retrieved 25 February 2023.
[2] CISA. Cybersecurity Advisory: Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. 25 November 2022. https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-320a. Retrieved 25 February 2023.
[3] AP. Costa Rica declares national emergency amid ransomware attacks. The Guardian. 12 May 2022. https://www.theguardian.com/world/2022/may/12/costa-rica-national-emergency-ransomware-attacks. Retrieved 25 February 2023.