Away with the vulnerabilities | Pentest7


In a guest article, Tom Haak, CEO of the Austrian security manufacturer Lywand Software, describes best practices for IT security spring cleaning and how weak points can be identified and ironed out.

Crypto mining, data theft or the smuggling in of ransomware: cyber criminals use a variety of methods to achieve their goal. A new development has emerged in recent years: hackers are increasingly launching automated campaigns that identify attack vectors in their victims’ IT systems and enable widespread attacks. Vulnerabilities in widely used software are extremely promising for the criminals, since scripts for automated attacks on such products are often published quickly. If companies neglect easy-to-perform maintenance work on their IT, this can result in high economic damage. Companies therefore cannot rely solely on security software, but have to start hardening their IT systems. For some IT admins, this is a wake-up call to spring-clean work that has long been deferred. Lywand, provider of automated IT security scans, has compiled the most serious vulnerabilities found in companies in 2021 and provides best practices for IT admins for the big cleanup:

  1. Insecure or leaked passwords

The most common vulnerability is insecure and already leaked passwords that circulate on the Dark Web without the knowledge of those affected. Poor password hygiene is and remains a classic in IT security and often affects users and administrators alike: “Password1”, “admin” or “qwertz” are still nowhere near extinction, yet they are easy prey for brute force attacks, i.e. attacks with software that automatically tries out character combinations in order to crack passwords. Password management software that reminds users to renew their passwords at regular intervals and supports them in choosing a strong one can help here.
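As an added illustration (not code from the article or from Lywand), the following Python script shows the two checks this section calls for: rejecting passwords that are too short or too uniform, and rejecting passwords that already appear in a breach corpus. The corpus here is a constructed set of a few leaked values held as SHA-1 hashes; the `range_query` function is a hypothetical stand-in for a breach-lookup service that receives only the first five hex characters of the hash, so the password itself never leaves the machine.

```python
import hashlib

# Constructed sample "breach corpus" (stands in for a real leaked-password list).
# Stored as SHA-1 hashes so the plaintexts do not have to be kept around.
CONSTRUCTED_LEAKED = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("Password1", "admin", "qwertz", "123456", "welcome2021")
}

MIN_LENGTH = 12


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest()


def range_query(prefix: str, corpus=CONSTRUCTED_LEAKED) -> set[str]:
    """Hypothetical lookup service: given a 5-character hash prefix, return the
    hash suffixes in the corpus that share it. Only the prefix is ever sent."""
    return {h[5:] for h in corpus if h.startswith(prefix)}


def is_leaked(password: str, corpus=CONSTRUCTED_LEAKED) -> bool:
    digest = sha1_hex(password)
    return digest[5:] in range_query(digest[:5], corpus)


def character_classes(password: str) -> int:
    """Count how many of lower/upper/digit/other are present."""
    checks = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return sum(checks)


def password_problems(password: str, corpus=CONSTRUCTED_LEAKED) -> list[str]:
    """Return the reasons a password should be rejected; empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(password) < 3:
        problems.append("uses fewer than three character classes")
    if is_leaked(password, corpus):
        problems.append("appears in a known breach corpus")
    return problems


if __name__ == "__main__":
    for candidate in ("Password1", "qwertz", "correct-horse-battery-staple-42"):
        print(candidate, "->", password_problems(candidate) or "ok")
```

The breach check is the one that catches “Password1”: it satisfies the three-character-class rule, so a policy based on complexity alone would accept it.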

  2. Vulnerabilities in content management systems

Operating a website is a matter of course for companies of all sizes. However, popular content management systems (CMS) can harbor security gaps that risk becoming the target of automated attacks. In 2021, for example, three vulnerabilities became known in the CMS software WordPress that attackers could have used to steal passwords. Equipped with valid access data for the backend, they could theoretically have manipulated the owners’ websites at will or deleted content completely.

To minimize the risk of being affected by such vulnerabilities, admins need to take care of several things:

  • Conscientious plugin usage: In open-source CMSs, additional functions are usually provided as plugins, most of which are contributed voluntarily by developers worldwide. The extent to which these are vulnerable to attacks cannot be clearly determined by the user. Exercising care when selecting and managing them can at least reduce the risk of security gaps in extensions: if possible, only plugins from trustworthy sources should be installed. The reviews of other users are also informative here, and it should be checked whether a plugin has been updated regularly so far. For all plugins already installed, the availability of updates should be checked continuously and updates installed as soon as possible. In addition, admins should immediately delete extensions that are no longer used.
  • Check connected services: For PHP or SQL applications connected to the CMS, care should be taken to ensure that they meet the recommended technical requirements, i.e. the recommended versions. Settling for only the minimum requirements increases the risk.
  • Limit the user group to the essentials: User accounts should be deleted immediately as soon as the responsible persons no longer use them or leave the company.

  3. Vulnerabilities in file sharing solutions

File sharing solutions like QNAP and ownCloud have recently had to deal with security gaps that cybercriminals could use to execute their own commands and inject ransomware. To minimize the risk of attack and the potential extent of damage, file-sharing solutions should only be operated on local networks or be made reachable via VPN access. The possibility of unauthorized file access also carries the potential for data theft. The data should therefore be encrypted at rest, at the storage location: if attackers do gain access to the files, the encryption leaves the files worthless to them. Here too, updates provided by the manufacturer should be installed immediately.
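The rule “only on the local network or behind the VPN” can be checked mechanically. The following added example (my own illustration, not code from the article or from any of the products named) takes a constructed inventory of listening sockets, of the kind one would collect with `ss -ltn` on each host, and flags every service that is bound to all interfaces or to an address outside the company’s own internal ranges, unless it is explicitly allowed to be public. The internal network list, the service names, and the address `203.0.113.8` (a documentation range standing in for a public address) are all assumptions for the example.

```python
import ipaddress

# Assumed internal ranges for this example: RFC 1918 space plus loopback.
# A real deployment would list the company's own networks here.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]

# Constructed inventory: (service, bind address, port), as gathered per host.
CONSTRUCTED_LISTENERS = [
    ("owncloud-https", "10.20.0.15", 443),      # bound to a LAN address: fine
    ("qnap-smb", "0.0.0.0", 445),               # bound to every interface
    ("qnap-admin", "203.0.113.8", 8080),        # bound to a public-facing address
    ("wireguard", "203.0.113.8", 51820),        # the VPN endpoint, intentionally public
]

# Only the VPN endpoint is meant to be reachable from outside.
ALLOWED_PUBLIC = {"wireguard"}


def exposure(bind_addr: str) -> str:
    """Classify a bind address as 'all-interfaces', 'internal' or 'public'."""
    addr = ipaddress.ip_address(bind_addr)
    if addr.is_unspecified:          # 0.0.0.0 or :: listens on every interface
        return "all-interfaces"
    if any(addr in net for net in INTERNAL_NETS):
        return "internal"
    return "public"


def exposed_services(listeners, allowed_public=ALLOWED_PUBLIC):
    """Return (service, bind, port, exposure) for every listener that is reachable
    beyond the internal network without being on the allow-list."""
    findings = []
    for name, bind, port in listeners:
        kind = exposure(bind)
        if kind != "internal" and name not in allowed_public:
            findings.append((name, bind, port, kind))
    return findings


if __name__ == "__main__":
    for name, bind, port, kind in exposed_services(CONSTRUCTED_LISTENERS):
        print(f"{name}: {bind}:{port} is {kind}; move behind LAN/VPN")
```

Binding on `0.0.0.0` is treated as exposed on purpose: whether it is actually reachable then depends on the firewall, and the point of the check is to make that dependency visible rather than assume it.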

  4. Outdated web server software

Updating web server software such as Apache and the software libraries used, such as jQuery and OpenSSL, is also a neglected IT area in some companies. This can have tangible consequences, as in the case of OpenSSL, where an infinite-loop bug could be used by external attackers to incapacitate servers and clients. In order to be able to react quickly in such cases, IT admins should always follow the manufacturer’s patch notes so that they can install updates quickly and close the corresponding security gaps.

  5. Outdated operating systems

Updating an operating system on all user accounts sometimes causes problems and involves additional work. Some software applications no longer work smoothly after the update, which causes displeasure among users in daily use. Admins therefore usually do not allow operating systems to update automatically, but only manually, and take care of it whenever the workload allows. In some companies this can take months, in extreme cases even years. Vulnerabilities that the manufacturers have already patched through updates thus remain exploitable for attackers, and they are extremely easy for them to find, since attackers only have to determine which operating system version their target is running. So that this scenario does not become reality, admins should always reserve suitable time windows for the installation and the associated clean-up work.
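Sections 2, 4 and 5 all come down to the same routine check: is each component at or above the version the manufacturer’s patch notes currently recommend, has it seen an update at all in the last year, and is it still needed? The following added Python example (my own illustration, not code from the article or from Lywand) runs that check over a constructed inventory. The component names, version numbers and dates are placeholders chosen for the example, not values from any advisory; `fixed_in` simply means “minimum version the current patch notes recommend”.

```python
import re
from datetime import date

_PART = re.compile(r"(\d+)([a-z]*)")


def parse_version(v: str):
    """'1.1.1k' -> ((1,''), (1,''), (1,'k')).
    Letter suffixes (OpenSSL style) sort after the bare number; components compare
    numerically, so '2.4.9' < '2.4.10' as intended."""
    parts = []
    for piece in v.split("."):
        m = _PART.fullmatch(piece)
        if not m:
            raise ValueError(f"unparseable version component {piece!r} in {v!r}")
        parts.append((int(m.group(1)), m.group(2)))
    return tuple(parts)


def is_older(installed: str, fixed_in: str) -> bool:
    return parse_version(installed) < parse_version(fixed_in)


# Constructed inventory; all versions and dates are placeholders for the example.
CONSTRUCTED_INVENTORY = [
    {"component": "apache httpd", "installed": "2.4.41", "fixed_in": "2.4.52"},
    {"component": "openssl", "installed": "1.1.1k", "fixed_in": "1.1.1n"},
    {"component": "jquery", "installed": "3.6.0", "fixed_in": "3.5.0"},
    {"component": "example-gallery", "installed": "1.2", "fixed_in": "1.2",
     "last_update": date(2018, 3, 1), "in_use": False},       # WP plugin nobody uses
    {"component": "example-forms", "installed": "2.0.1", "fixed_in": "2.0.1",
     "last_update": date(2020, 1, 10)},                       # WP plugin, maintained?
    {"component": "workstation os", "installed": "10.0.19043", "fixed_in": "10.0.19044"},
]


def review(inventory, today: date, stale_days: int = 365):
    """Return (component, reason) pairs for everything the cleanup should touch."""
    findings = []
    for item in inventory:
        name = item["component"]
        if not item.get("in_use", True):
            # Unused extensions are attack surface with no benefit: remove them.
            findings.append((name, "unused: remove"))
            continue
        if is_older(item["installed"], item["fixed_in"]):
            findings.append((name, f"outdated: {item['installed']} < {item['fixed_in']}"))
        last = item.get("last_update")
        if last is not None:
            age = (today - last).days
            if age > stale_days:
                # Abandoned plugin: no fix will come even if a gap is found.
                findings.append((name, f"no update for {age} days"))
    return findings


if __name__ == "__main__":
    for component, reason in review(CONSTRUCTED_INVENTORY, date(2022, 3, 1)):
        print(f"{component}: {reason}")
```

Feeding this with real data means keeping `fixed_in` current from the patch notes the section recommends following; the script only makes the gap between “recommended” and “installed” visible, it does not close it.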

IT security is becoming a basic attitude

The threat situation for companies is becoming more and more complex, and the possible attack vectors more numerous and more intricate. An effective defense now results from a combination of prerequisites: powerful, intelligent security software together with a well-maintained IT system. Knowing the possible weak points and keeping the IT environment correspondingly reliably maintained thus becomes a security-relevant basic attitude, and regular tidying and cleaning actions a necessity.
