Cybercriminals focus most of their energy on a relatively small number of vulnerabilities and targets according to the latest Global Threat Intelligence Centre report from NTT Ltd. The report shows that 84% of all observed attacks come from just the top 10 vulnerabilities.
Since lockdown, attacks have targeted apps and hardware that are being used by a widely dispersed workforce. The report notes: “In June 2020, attacks against networking products (i.e., Zyxel, Netis, Netcore, Netgear, Linksys, D-link and Cisco) and video cameras accounted for about 32% of all attacks. Many of these were brute force or authentication attacks.”
June also saw 41% of attacks focused on just eight technologies, according to the GTIR. It says: “If you can patch these, attackers have far fewer targets they can take advantage of, significantly lower the risk of attack.”
What are those eight technologies?
The GTIR lists the eight technologies along with related CVEs that it says are responsible for that 41% of attacks. They are:
- Oracle Products CVE-2019-2725
- ThinkPHP CVE-2019-9082
- Joomla! CVE-2019-9184 and CVE-2015-8562
- vBulletin CVE-2019-16759
- Apache Products CVE-2019-0232 and CVE-2017-5638
- OpenSSL CVE-2014-0160
- IIS CVE-2017-7269
- WordPress CVE-2020-7048 and CVE-2019-6703
Some of these vulnerabilities are rated as a perfect 10. It means they should be patched immediately. Others are slightly less serious, but should also be patched. All have exploits available for them, or NTT Ltd would not have seen attacks trying to take advantage of them.
Most of these vulnerabilities also affect multiple versions of the underlying products. This is where many vulnerabilities become dangerous. Older versions of software are often less likely to be patched. This is because they are not used constantly and top of mind for IT operations teams. As such, attacks against them can often be much more successful than against new versions of software.
A number of these vulnerabilities, and those in the top twenty most attacked, underpin enterprise web-based and web-enabled apps. The lockdown has seen enterprise IT departments shift app development to make web enablement a key criteria. For some businesses, they have had to develop a web strategy from scratch, often with limited experience.
In all these cases, attacks against the technologies that underpin these new apps are a significant issue. It means that organisations need to think harder about the technologies they use and how to secure them effectively.
Six steps to manage exposure to application attacks
The GTIR lists six things that enterprises can do to reduce their exposure to application attacks. While none of these is a solution all by itself, they all build-up to create a more secure environment. The six steps are:
- Ensure you maintain an effective secure development program.
- Patch or update your environment, at least in the critical or internet accessible systems.
- Add a web-application firewall (WAF) to help protect your exposed systems from attacks.
- Segregate your internal environment.
- Use the least privileged account you can and still allow viable use of an application.
- Test your applications.
What is important is that these are not six steps that can be implemented by any single team in IT. They are about a review of the way IT designs, develops, deploys and manages software across all its infrastructure. Importantly, they also point to a message that the technology industry has been promoting for decades, Secure by Design. Most of that focus, however, has been on software design.
Matt Gyde, CEO, NTT Ltd Security Division, sees this as more than just software. He said: “The concept of secure by design is let’s have a secure infrastructure, let’s look at it from a secure employee. How can we drive secure outcomes for that particular slice of area?
“Security now is at the inception of a programme, a policy, a product, an application, whatever it may be. With security getting involved early, we can really start to lock security into whatever the client’s doing, really helping drive that.”
Enterprise Times: What does this mean
Every day seems to bring a list of new vulnerabilities to worry about. IT operations and security teams feel that they can never catch up with the levels of patching this creates. Compounding this issue of patching is often a lack of effective asset management. Few organisations can honestly say they know every application or technology running in their datacentre. It means that software continues to go unpatched, which is why many cyberattacks target older versions of software.
According to Mark Thomas, Global Head of Threat Intelligence at NTT Ltd: “Old vulnerabilities persistently remain an active target. A lot of organisations are challenged to patch new vulnerabilities, but they also forget the old ones as well. We’ve also seen a shift in sector targeting, so the technology sector now tops the list of most attacked sectors.”
Another issue is the massive change to working practices that the current pandemic has wrought. With so many employees working from home, IT has little or no control over the technology they are using. It is why attacks against home routers, collaboration software along with audio and videoconferencing software is on the rise.
Enterprises are also rewriting or modifying much of the software they use internally to make it web-enabled. It means they are reliant on third-party platforms and technologies that must be continuously patched and monitored. It further adds to the workload that many IT operations and security teams are struggling with.
There are two key messages from this GTIR report. The first is to put in place a set of steps that together will improve security. The second is to adopt a ‘Secure by Design’ approach for all new technologies and applications that enterprises are planning to deploy.
