Posted on April 18, 2023
Want to interview Gerry?Contact
Cybersecurity experts spend a lot of energy and effort trying to counter the latest threats and exploits, including zero-day vulnerabilities – newly discovered software flaws that have not yet been patched.
But cybersecurity specialists and IT professionals who are responsible for cybersecurity functions in smaller organizations cannot assume that attending to the most recently identified vulnerabilities will keep their organizations safe. They must also make sure that their networks and data are secured against attacks via old vulnerabilities.
Newly identified software vulnerabilities are a danger to everyone, because until a patch is prepared and available, everyone who uses that software is at risk. And since the window between zero-day disclosure and the point at which exploits are available in the wild is shrinking, from an average of 37 days three years ago to just 14 days today, according to Microsoft, the pressure to apply patches quickly has increased. Staying up-to-date on the latest vulnerabilities by subscribing to email updates from the US Cybersecurity and Infrastructure Security Agency (CISA) and monitoring their social media channel is essential.
While most professionals are very aware of the dangers posed by new vulnerabilities, a good deal less attention is focused on old vulnerabilities. Yet as a recent report makes clear, old vulnerabilities are a much greater threat. The report states that 76% of ransomware vulnerabilities being exploited were discovered before 2019, with some going all the way back to 2010.
Cybercriminals know that plugging every possible entry point into a company’s software is difficult – maybe impossible. This may be due to an organization’s insufficient diligence in applying patches as soon as they become available or because out-of-support legacy software remains in use, despite the fact that patches to address vulnerabilities are no longer issued. And sometimes it’s because, unknown to IT, users leverage unauthorized – and vulnerable – “shadow IT”.
Many cybersecurity professionals scan their organization’s software with tools designed to identify software vulnerabilities. While scanning is important, scanners may not reliably detect all vulnerabilities. In fact, out of the 20 vulnerabilities that scanners are known to miss, 18 were first discovered prior to 2019.
The report found that out of 264 old vulnerabilities, 208 have known exploits. 131 of these old vulnerabilities with known exploits have Remote Code Execution/Privilege Escalation capabilities which make them especially dangerous. It is no surprise then, that 119 of these are actively trending on the dark web as cybercriminals seek avenues into corporate IT assets.
The old vulnerabilities most associated with the latest ransomware attacks come from leading vendors such as Microsoft, Red Hat, Novell, and Gentoo. Microsoft Windows in particular has the largest number of old vulnerabilities that are associated with new ransomware attacks.
Sometimes, installing the latest software patches and updates alone is not enough. A recent attack on VoIP telecom company 3CX shows the dangers of “opt-in” security fixes, as covered in Supply Chain Attack Against 3CXDesktopApp, a new CISA alert that provides information as well as relevant links.
In the attacks, 3CX’s voice and video conferencing app was infected with a trojan, potentially enabling multi-stage cyberattacks on app users.
Cybercriminals got into the app by exploiting a ten-year-old vulnerability in Microsoft Windows, CVE-2013-3900. The vulnerability makes it possible for an attacker to modify an existing signed file to insert malicious code without invalidating the signature that would flag the file as having been modified, and therefore potentially dangerous.
Microsoft issued a fix back in 2013, but made it optional. To apply the fix, users must edit an entry in the Windows Registry. It is presumed that Microsoft chose to make the fix optional because it could potentially also invalidate legitimate signed executables, causing headaches for some customers.
While the “optional” classification may have convinced some professionals not to apply the fix, even organizations that did apply it may not be protected. Many IT and cybersecurity professionals may not realize that if the fix was applied on Windows 10, it would be erased when the organization upgraded to Windows 11, and the change in the registry file would therefore need to be re-applied. IT managers who didn’t notice that may have thought they fixed the problem by editing the registry, only to be exposed again after upgrading to Windows 11.
Several steps can help organizations safeguard against the software vulnerabilities that leave them exposed to ransomware attacks.
While it’s certainly critical to keep up to date on security patching and upgrades, it is also likely that some vulnerabilities will be missed. It could be a brand new zero-day exploit, or it could be an old vulnerability that was overlooked, such as what likely happened with 3CX.
WAI protects vulnerable, unpatched apps from exploits that get past other defenses, like WAFs. App surfaces are cloaked from the view of malicious actors, so vulnerabilities that may be present cannot be seen. RBI blocks exploits from being delivered via the web, emails, or downloaded files. Together, along with additional ZTEdge Security Service Edge (SSE) capabilities, they add a vital extra layer of protection for potentially vulnerable apps.
A comprehensive Zero Trust based approach is the best way to protect your IT assets from the latest vulnerabilities and exploits as well as from other types of cyberattacks such as phishing, brute force attacks, or social engineering. Contact us today to learn more.
Zero Trust Security in 2023: The State of the Art has Arrived
Why is Zero Trust adoption happening more rapidly than anyone anticipated? What are the positive and negative forces behind this growth?
Going Bold: Cybersecurity is Not for the Faint of Heart
Ericom's new website features a new design, colors, and logo symbolize the strong protection offered by our cloud-based cybersecurity solutions
New Variant of Credential-Stealing Browser Malware
The new Zaraza bot successfully decrypts encrypted user credentials stored in browsers and exfiltrates them to Telegram servers for purchase by aspiring cybercriminals.