Three time bombs lurking in your network

Article

Phil Spencer

Solutions: Security Management, Security Assurance, User Security, EndPoint Security, Infrastructure Security

Introduction

One of the biggest challenges in keeping an IT network secure is that no matter how strong your defences, there are always more undiscovered vulnerabilities lurking somewhere in the system.

Our security teams often encounter systems that have been vulnerable for years, ticking time bombs just waiting for a cyber criminal to find them and set them off.

3 Recent Hidden Threats

Three of the most recently discovered hidden threats (and that might be in your system) are:

1. SolarWinds

In December 2020 it was revealed that infrastructure management platform SolarWinds Orion had been hacked and used to breach the security of US government agencies. The breach enables threat actors to impersonate any of an organisations’ user accounts, including ones with privileged access. More than 250 organisations have so far been reported to be affected, including both government agencies and private businesses. Although attacks were first reported in 2020, it is believed threat actors have been selling access to the system since at least 2017.

2. Linux Sudo

In one of the longest standing known vulnerabilities, a major bug was discovered in the Linux Sudo command line application after being present for nearly a decade. The vulnerability, known as “Baron Samedit”, allows attackers to turn any user account into a superuser, enabling them to easily move through the system to access sensitive data or perform any number of malicious activities.

3. Android Oscorp malware

Threat actors are increasingly targeting mobile devices in addition to standard work endpoints, banking on users being more likely to simply accept messages like installation and application permissions. One of the most recent examples is a malware dubbed Oscorp targeting Android devices.

Oscorp tricks users into granting it access to the Android Accessibility Service. From here, attackers can perform any number of malicious actions, including keylogging, making calls, sending SMS, stealing 2FA PINs and more. We have recently warned our Italian customers about Oscorp, but the malware is likely to appear internationally as well.

Managing Hidden Threats

Because of the need for interconnectivity, undiscovered threats like the ones mentioned above lurking in old legacy systems can create an easy attack path to access even the most recent cloud and mobile assets.

And of course, any new software may have its own share of hidden vulnerabilities.

So how can companies keep their systems secured against these threats?

1. The Hygiene Factor: Start with the basics

The impact of most hidden vulnerabilities can be greatly mitigated by implementing good cyber security hygiene. Some of the most important core activities include:

  • Strong, well-managed passwords to prevent attackers easily hijacking user accounts.
  • Implementing privileged access management (PAM), least privilege and zero trust models to greatly reduce the capabilities of threat actors inside the system.
  • Regular patching to keep all assets up-to-date and fully secured, prioritising relevant new vulnerabilities.

It is essential to get all the basics right as a chain is only as strong as its weakest link. More often than not our customers are doing almost everything right – but missed one little thing that could be exploited by a cybercriminal.

2. Finding hidden vulnerabilities

While good security hygiene will reduce the impact of a hidden threat, you can also be more proactive in seeking them out before they are exploited.

The most important thing is to be aware of what is on the system. Our teams often encounter old legacy software that has been forgotten about, but that is still connected and putting your environments at risk.

Once the full extent of assets on the network is understood, regular vulnerability scanning can identify known issues, backed up by up-to-date cybersecurity threat intelligence. Things can be taken a step further by conducting penetration tests to find more complex vulnerabilities.

The ability to rapidly respond to and close newly discovered vulnerabilities is increasingly important, including reviewing historical data for previously undetected breaches.

In one example, our Security Operations Centre (SOC) acted on an advisory and used structured search against log archives which identified a small number of matches for one of our clients. An emergency change was immediately carried out to contain the impact, followed by further investigations to determine whether it was a genuine security breach and to fully understand the scope of compromise. This ensured that the mitigation and eradication of the threat would be complete and that the impact to the business was fully understood.

3. Security Breach Response

Finally, it is important to have a solid playbook in place for how to respond if a breach occurs. The NIST framework provides a solid foundation for building effective risk management and response so this was a natural choice for Getronics to combine with our global ITIL based service delivery model when we built our dedicated security incident response team (GTN-CERT).

Many organizations may find it difficult to build and maintain a response capability, especially when it’s only used infrequently. Therefore it’s a natural choice to consider outsourcing to an established specialist MSSP that can offer redundant 24×7 response, with highly trained and experienced incident handlers that can quickly kick into action.

Join Us

With battle-tested processes, joint purple team exercises and pre-planned Courses of Action ready to be adapted to the specific context of the client and nature of the breach, Getronics can provide peace of mind that your organization will have expert assistance when it’s needed the most.

Following these steps can help you and your team find hidden vulnerabilities before they can be exploited and reduce the impact if a breach occurs. If you need more experience, tools and resources to keep your estates safe from security time bombs, get in touch with our experts and find out how Getronics Security team can help you.

Talk with one of our experts.
If you're considering a new digital experience, whatever stage you're at in your journey, we'd love to talk.