Natalie Page, Threat Intelligence Analyst at Talion, gives her exclusive insight on the power of prompt patching in the fight against ransomware gangs, who are exploiting vulnerabilities at an alarming rate.
Since the dawn of cyber, security vulnerabilities have consistently been a key concern for analysts defending against threat actors who leverage exploits to further their malicious campaigns. It now seems that each day brings news of new weaknesses in security systems being leveraged by adversaries, with attackers of every motivation using vulnerabilities to launch some of the largest campaigns the cyber community has ever witnessed.
Last year it was reported that 22% of all cyber-attacks leveraged one or more vulnerabilities during an infiltration, and 17% of ransomware attacks in 2020 were found to be leveraging an exploit. To identify a specific flaw, each one is assigned a Common Vulnerabilities and Exposures (CVE) code; during 2020, 17447 individual CVEs were recorded. In 2016 this number was nearly three times lower, at 6447 recorded CVEs.
The success stories of 2020
To grasp how widespread this issue is, last September we saw the sophisticated Iranian threat groups Pioneer Kitten and UNC757 leverage publicly known VPN vulnerabilities in their attacks. In October 2020, the National Security Agency published a report detailing 25 publicly known vulnerabilities being utilised by Chinese state-sponsored hackers, long after patches had been made publicly available.
The Russian intelligence services utilised vulnerabilities affecting a large number of VMware products during a campaign in November last year. Not to forget the now infamous SolarWinds attack, which we now know succeeded via vulnerabilities within the company's Orion Platform product, affecting over 18,000 organisations worldwide.
More recently there is the emerging news regarding Microsoft Exchange servers, with an estimated 30,000 servers hacked thus far. At the time of writing, investigations into this incident are still very much in the early stages, but security researchers anticipate a colossal fallout over the coming months, due to the slow patching process many organisations are enduring to correct their network security.
Within the first week of this issue being made public, stealthy ransomware gangs had added the method to their toolsets, and a proof of concept (PoC) has emerged that enables even the lowest level of hacker to launch attacks via the exploit. All of this considered, we haven't even scratched the surface of this problem.
Hurdles & Heroes
Patching, or the lack of it, has been a growing concern within the cyber community, with the success of a large proportion of attacks last year being the result of patches not being implemented promptly. Google found that 25% of all zero-days found in 2020 could have been prevented with timely patching.
This issue was echoed by the health sector, one of the most targeted sectors of 2020, which stated that most of the attacks it received could also have been prevented with swiftly implemented security updates. To further underpin the issue of unimplemented patches, at the time of writing researchers have found that a Microsoft Office vulnerability first discovered in 2017 is still one of the most frequently and successfully exploited flaws used by attackers.
Recently, Google stated that one of the main contributors to the rapid increase in the number of vulnerabilities we are now witnessing is the ease with which attackers can edit and deploy new exploit versions: a change to as little as a single line of code within a previously addressed exploit can instantly create a new zero-day. There is also the issue of vulnerabilities that have not been assigned a CVE code or addressed with any patching. It is believed that for every vulnerability assigned a CVE code, as many flaws again are being overlooked across the cyber landscape and never assigned one.
Helping us fight this continual battle are the white hat hackers known as bug bounty hunters, individuals who ethically search for these vulnerabilities in order to uncover flaws and notify the cyber community. In 2020, bug bounty hunters earned a staggering £28 million for their efforts in flagging a vast number of exploits to software companies.
The time to act is now
It is estimated that businesses are now spending £50 million a year on security breaches, a figure which we foresee increasing drastically in the imminent future. All business owners, whether small, medium or large, should prioritise funding and time for the regular updating and maintenance of their networks, to give the organisation the best possible chance of protection against the unforeseeable threat of a cybersecurity breach.
With more devices than ever now connected to the internet, and with the global market continually growing and evolving, patch management has never been more paramount. As our cyber world continues to advance and the sophistication of attack methods follows, these incidents will continue to spread at an exponential rate. Patching and, where possible, keeping systems and devices up to date with the latest operating systems and firmware is one of the best lines of defence and will go a long way towards preventing more catastrophic breaches.