According to a new report from Tetra Defense, the most common Root Point of Compromise (RPOC) for attacks against U.S. companies was external exposure. Patchable and preventable external vulnerabilities were found to be responsible for the bulk of attacks:
In Q1 2022, the vast majority — 82% — of total incidents happened through external exposure of either a known vulnerability on the victim’s network or a Remote Desktop Protocol (RDP). Taking a deeper look into these external exposures, they are classified in two ways:
1. “External Vulnerabilities” which could have been mitigated through publicly available security patches and software updates. In these instances, a threat actor utilized a known vulnerability to gain access to the network before the internal organization was able to patch the system. In Q1, 57% of total incidents were caused by the exploitation of external vulnerabilities.
2. “Risky External Exposures” which are IT practices such as leaving a Remote Desktop Protocol (RDP) port open to the public internet. These behaviors are considered “risky” because the mitigation relies on an organization’s continued security vigilance and willingness to enforce consistent standards over long periods of time. In Q1, 25% of total incidents Tetra Defense handled were caused by risky external exposures.
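As an added illustration of the two categories above (example code written for this page, not taken from Tetra Defense's report): a small Python script that takes constructed external-scan output for an internet-facing range and sorts each open service into "risky exposure" (a service such as RDP or SMB that policy says should never face the internet) or "external vulnerability" (a product running a build older than a hypothetical patch baseline). The hosts, banners, product names and baseline versions are all placeholders, not real findings.

```python
"""Sort external scan findings into the two root-cause buckets from the report.

Added example for this page, not code from Tetra Defense. Every host, port,
product name, version and baseline value below is a constructed placeholder.
"""
import re
from collections import Counter

# Services that count as a "risky external exposure" simply by being reachable
# from the public internet, whatever their patch level (assumed org policy).
RISKY_PORTS = {3389: "RDP", 445: "SMB", 23: "Telnet", 5900: "VNC"}

# Hypothetical patch baseline: the minimum build the organisation has approved
# for each internet-facing product. Anything older is an "external
# vulnerability" in the report's sense. Product names and numbers are made up.
PATCH_BASELINE = {"ExampleVPN": (9, 1, 4), "ExampleWeb": (2, 4, 51)}

# Constructed scan output, one line per host/port in a grepable style:
# host port/proto state service [product version]
SAMPLE_SCAN = """\
203.0.113.10 3389/tcp open ms-wbt-server
203.0.113.11 443/tcp open https ExampleVPN 9.0.2
203.0.113.12 443/tcp open https ExampleWeb 2.4.54
203.0.113.13 22/tcp open ssh
203.0.113.14 445/tcp open microsoft-ds
203.0.113.12 8080/tcp closed http-proxy
"""

LINE_RE = re.compile(
    r"^(?P<host>\S+)\s+(?P<port>\d+)/(?P<proto>\w+)\s+(?P<state>\w+)\s+"
    r"(?P<service>\S+)(?:\s+(?P<product>\S+)\s+(?P<version>[\d.]+))?\s*$"
)


def parse_version(text):
    """'9.0.2' -> (9, 0, 2); tuples compare component-wise."""
    return tuple(int(p) for p in text.split("."))


def parse_scan(text):
    """Yield one dict per open port; closed/filtered lines are not exposures."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("state") != "open":
            continue
        finding = m.groupdict()
        finding["port"] = int(finding["port"])
        yield finding


def classify(finding):
    """Map one open port to a root-cause bucket.

    risky_exposure         - a service policy says must never face the internet
    external_vulnerability - product older than the approved patch baseline
    ok                     - known product at or above the baseline
    unverified             - no banner, so patch level cannot be judged here
    """
    if finding["port"] in RISKY_PORTS:
        return "risky_exposure"
    product, version = finding.get("product"), finding.get("version")
    if product in PATCH_BASELINE and version:
        if parse_version(version) < PATCH_BASELINE[product]:
            return "external_vulnerability"
        return "ok"
    return "unverified"


def triage(scan_text):
    """Return (per-finding labels, bucket counts) for a scan dump."""
    labels = [(f["host"], f["port"], classify(f)) for f in parse_scan(scan_text)]
    return labels, Counter(bucket for _, _, bucket in labels)


if __name__ == "__main__":
    labels, counts = triage(SAMPLE_SCAN)
    for host, port, bucket in labels:
        print(f"{host}:{port:<5} {bucket}")
    print(dict(counts))
```

The "unverified" bucket is deliberate: an open port with no banner is not proof of a patched service, so it should be queued for a manual check rather than silently counted as fine. In practice the baseline table would come from the organisation's patch-management export rather than being hard-coded.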
That’s not good at all. Mark Bower, VP of Product Management of Anjuna Security had this comment:
“The report once again highlights the simple fact that in an ideal world, enterprises would patch and monitor untrusted compute and networks to keep data safe from leakage, but in truth it’s impossible to continuously down tools and close all risk gaps that affect modern business success. Vulnerabilities exist because they are discovered – but until that point, they are also exploitable holes in systems or processes. However, modern computing today is beginning to provide fresh new approaches to address risks like this, and we will start to see that at scale and in short order with compute ecosystems that shrink attack surfaces inherently for data at rest, in motion and in use.”
Hopefully enterprises of all sizes read this report and take action to secure themselves. Otherwise, they are prime targets for threat actors who are out to make them the next headline.
UPDATE: Aimei Wei, CTO and Co-founder of Stellar Cyber adds this:
“External vulnerabilities and risky external exposures accounted for 82% of the incidents responded to by Tetra Defense in Q1 2022. This highlights the critical need for a threat detection and response system that continuously detects vulnerabilities and exposed risks (such as an RDP port open to the public) and responds automatically. Patching definitely pays off for known vulnerabilities. It greatly reduces the attack surface. However, it is hard to guarantee that a patch is always immediately available for the software version you are using and can be applied in time. An organization’s continued security vigilance and enforcement of standards can dramatically reduce the chances of exploitation of exposed risks. However, an exposed risk, even for a short period of time, may still be exploited. Having a detection and response system that can continuously monitor the environment, detect the exploitation and stop the attack from progressing to an incident covers the cases missed by patches that are not applied in time, inconsistent enforcement, or risks that are exposed for a short period of time.”
Macmillan Pwned In Ransomware Attack
Posted in Commentary with tags Hacked on June 30, 2022 by itnerd
Macmillan, one of the largest book publishers in the US, has been hit by a ransomware attack that has left book retailers nationwide unable to place new orders from the publisher. The company first reported the incident on Monday, noting that it had taken its systems offline to prevent further damage to its network.
Darren Williams, CEO and Founder of BlackFog offered this perspective:
“Taking systems offline post attack is a reassuring and necessary response to a ransomware attack such as this one against Macmillan, but as ever, prevention is better than cure.
Organisations need effective, modern protective security measures in place to prevent attacks. A common challenge with traditional defensive approaches to cybersecurity is that they require too much time to adequately protect organisations from these types of attacks, and often lead to a reliance on post-attack measures such as taking systems offline.
Instead of waiting for an attack to happen and then responding, organisations should be focused on newer technologies that prevent the exfiltration of data from the device, effectively stopping the attacker in their tracks. By looking at the mechanism of action across various ransomware gangs it is possible to stop these attacks at many stages of the attack life cycle and prevent a full-blown incident such as the one against Macmillan.”
Hopefully they are able to get things sorted soon. Though I think it is safe to say that their long weekend is ruined.