10 Vulnerabilities You Should Be Scanning with Syxsense
Are you scanning for these vulnerabilities in your environment? We have selected the most urgent security gaps that you should remediate.
Vulnerabilities Have Rapidly Increased in 2021
The latest intelligence confirms ransomware attacks are on the rise. Not only are attacks getting more sophisticated, the ransom demands are constantly growing.
One third of all incidents this year are attributed to ransomware attacks or attempts to gain access to a network or intellectual property. In order to stop attackers from demanding payment for an encryption key, it’s never been more important to start scanning for security gaps.
Top 10 Vulnerabilities
These 10 security vulnerabilities should be scanned for within your environment.
These are based on the current threats we see being exposed and what has been weaponized or used to gain entry over the past year.
We have also recommended some of our scripts to run on your devices using Syxsense Secure to see whether any of these gaps are present; if so, we recommend remediating them as soon as possible.
1. Autoplay and Autorun
Some of the worst types of attack were delivered by the simplest means: a USB stick, a mapped drive, or a CD/DVD. One such virus, known as Down ’n Up or Conficker, would infect a mapped drive, and every user who logged on would automatically become infected and pass the virus on.
With many users still working from home, it is entirely possible the micro SD from the camera, or the USB drive used for school work could easily infect your system.
We recommend the following scripts be run on every device, and the features disabled where found:
- Autoplay enabled for non-volume devices
- Autoplay feature enabled for all drives
- Autorun enabled
2. Simple Passwords
One of the trickiest issues to identify is the vast number of local accounts on your devices which are not using hardened passwords, or local accounts which do not require the password to be changed regularly.
We recommend the following scripts be run on every device to improve your local account hygiene:
- Password complexity requirements is disabled
- User password never expires
- User password not required
We also know users like to keep the same password for everything; unless you protect local accounts with a minimum password age, nothing stops a user from cycling straight back to their favorite password:
- Minimum password age less than 1 day
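The following script is an added example (not a Syxsense script) covering the four conditions listed above: the per-account flags come from Get-LocalUser, and the policy-wide settings (complexity, minimum age) come from a secedit export of the local security policy. It assumes an elevated shell.

```powershell
# Added example (not a Syxsense script): local account and password policy audit.

# Per-account flags: "password never expires" and "password not required".
$accountFindings = Get-LocalUser | Where-Object { $_.Enabled } | ForEach-Object {
    $issues = @()
    if ($_.PasswordNeverExpires) { $issues += 'Password never expires' }
    if (-not $_.PasswordRequired) { $issues += 'Password not required' }
    if ($issues) { [pscustomobject]@{ Account = $_.Name; Issues = ($issues -join '; ') } }
}

# Complexity and minimum age are not exposed by Get-LocalUser; export the local
# security policy to an INF file and read its [System Access] key = value lines.
$inf = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $inf /quiet | Out-Null
$systemAccess = @{}
Get-Content $inf | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*=\s*(\S+)') { $systemAccess[$matches[1]] = $matches[2] }
}
Remove-Item $inf -Force

$policyFindings = @()
if ($systemAccess['PasswordComplexity'] -ne '1') {
    $policyFindings += 'Password complexity requirements disabled'
}
if ([int]$systemAccess['MinimumPasswordAge'] -lt 1) {
    $policyFindings += 'Minimum password age less than 1 day (password history can be cycled in one sitting)'
}

$accountFindings | Format-Table -AutoSize
$policyFindings | ForEach-Object { "POLICY FINDING: $_" }
```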
3. Peer-to-Peer Software
Although using peer-to-peer file-sharing software is not illegal, it can be used to download pirated software, music and videos. You can never tell what you are downloading, especially since a lot of the software offered on peer-to-peer networks is counterfeit or, worse, carries obfuscated rootkits and viruses.
We recommend the following scripts be run on every device to identify where peer-to-peer applications or binaries are installed, since these can act as a gateway for downloading ransomware:
- Peer-to-peer application detected
- Peer-to-peer binary detected
4. Windows Firewall
The basic Windows Firewall, if implemented correctly, can protect a system from many forms of attack, especially ransomware. The firewall comes with the operating system and should be enabled and configured if you have no other firewall in place.
We recommend the following scripts be run on every device:
- Firewall Disabled (Windows)
- Firewall Disabled (non-Windows)
5. Windows File Extensions
Your users build habits when running their applications and saving documents to their drives. Would they notice the difference between a file whose icon looks like Outlook, Word or Excel and the application they use every day, if it was sitting on their desktop?
We recommend the following script be run on every device to help your users avoid opening suspicious files and applications that are in fact ransomware in disguise:
- File Extensions Hidden
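HideFileExt is a per-user Explorer setting, so a complete check walks every loaded user hive. The script below is an added example (not a Syxsense script): it reports users with hidden extensions and then lists files in the desktop and download folders (assumed paths) whose displayed name would mislead, such as "invoice.pdf.exe" shown as "invoice.pdf".

```powershell
# Added example (not a Syxsense script): hidden-extension audit plus decoy-name scan.

# HideFileExt lives in each user's hive; iterate the loaded profiles under HKEY_USERS.
$hidden = foreach ($hive in Get-ChildItem Registry::HKEY_USERS |
                   Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }) {
    $key = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
    $v = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    if ($v -ne 0) {   # 1, or no value at all, means extensions are hidden (the Windows default)
        [pscustomobject]@{ UserSid = $hive.PSChildName; HideFileExt = if ($null -eq $v) { '(default)' } else { $v } }
    }
}
$hidden | Format-Table -AutoSize

# Flag files whose real extension is executable but whose name carries a decoy
# document or image extension; with HideFileExt=1 only the decoy part is shown.
$executable = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs', '.hta', '.lnk'
$decoys     = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.txt', '.jpg', '.png'
Get-ChildItem 'C:\Users\*\Desktop', 'C:\Users\*\Downloads' -Directory -ErrorAction SilentlyContinue |
    Get-ChildItem -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $displayed = [IO.Path]::GetFileNameWithoutExtension($_.Name)   # what Explorer shows
        $inner     = [IO.Path]::GetExtension($displayed)               # the decoy extension
        if ($executable -contains $_.Extension.ToLower() -and $decoys -contains $inner.ToLower()) {
            [pscustomobject]@{ Path = $_.FullName; DisplayedAs = $displayed }
        }
    } | Format-Table -AutoSize
```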
6. Browser Extensions
A recent announcement by Google reported that it had detected 295 browser extensions on its platform which were caught collecting user keystrokes, clipboard content, cookies, and more. Browser extensions have become extremely popular recently, with many offering monetary benefits such as voucher codes. These extensions run inside the browser and simply wait for the user to trigger their payload.
We recommend the following scripts be run on every device to protect your browsers from these kinds of attacks:
- Malicious Chrome Extension (Google)
- Malicious Chrome Extension (Edge)
- Malicious Chrome Extension (Opera)
7. Remote Desktop Services
Remote Desktop and remote access are among the favorite avenues of attack for many hackers. Often devices are visible from the internet and so poorly protected that they are identified over a single weekend, and by Monday your network is under siege.
We recommend the following scripts be run to ensure these services are protected:
- RDC use 3389 default port for connections
- RDP connection encryption not set to High
We would also recommend scanning for the following security vulnerabilities on all internet-facing devices after every weekend to see whether any attempts have been made:
- Account Locked
- Multiple Logins Attempted
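As an added example (not a Syxsense script), the following checks the RDP listener settings behind the two configuration checks above and then summarises failed logons (event 4625) and account lockouts (event 4740) from the last three days, so a Monday run covers the weekend. It assumes an elevated shell on the host being reviewed.

```powershell
# Added example (not a Syxsense script): RDP listener check and weekend logon review.

$ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$findings = @()
if ($ts.fDenyTSConnections -eq 1) {
    $findings += 'Remote Desktop is disabled on this host'
} else {
    if ($rdp.PortNumber -eq 3389)      { $findings += 'RDP listens on the default port 3389' }
    if ($rdp.MinEncryptionLevel -lt 3) { $findings += "MinEncryptionLevel is $($rdp.MinEncryptionLevel) (3 = High, 4 = FIPS)" }
    if ($rdp.UserAuthentication -ne 1) { $findings += 'Network Level Authentication is not required' }
}
$findings | ForEach-Object { "RDP: $_" }

# 4625 = failed logon (LogonType 10 = RemoteInteractive/RDP; 3 = network, which is
# how NLA pre-authentication failures appear); 4740 = account locked out.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625, 4740; StartTime = (Get-Date).AddDays(-3) } `
                       -ErrorAction SilentlyContinue
$events | ForEach-Object {
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Event     = if ($_.Id -eq 4625) { 'FailedLogon' } else { 'Lockout' }
        Account   = $data['TargetUserName']
        # 4625 carries the caller IP; 4740 carries the caller computer name instead.
        Source    = if ($_.Id -eq 4625) { $data['IpAddress'] } else { $data['TargetDomainName'] }
        LogonType = $data['LogonType']
    }
} | Group-Object Event, Account, Source | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Many failed logons against one account from one source, or lockouts you did not cause, are the weekend pattern the text describes.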
8. Antivirus
Ensuring your antivirus is running should be simple; however, there are also known issues with the antivirus software itself that are often overlooked (such as memory leaks). Your antivirus is the last line of defense against the most sophisticated ransomware attacks, so keeping it healthy should be one of your top priorities.
We recommend the following scripts be run on every device to verify that your antivirus can be trusted to protect your devices:
- Antivirus Not Detected
- Antivirus Definition over 21 Days
- AV Disabled
- AV Engine Not Up-to-Date
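An added example (not a Syxsense script) of the four checks above: it asks the Security Center WMI provider which products are registered and decodes their packed productState, then uses Microsoft Defender's own status for exact signature age when Defender is the engine. The 21-day limit is taken from the check name above; root/SecurityCenter2 exists on client Windows only, so on servers rely on the Defender part.

```powershell
# Added example (not a Syxsense script): antivirus presence, state and definition age.
$maxDefinitionAgeDays = 21

$products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
if (-not $products) { 'FINDING: Antivirus not detected (no product registered with Security Center)' }

foreach ($p in $products) {
    # productState is a packed DWORD. As six hex digits, digits 3-4 are the enabled
    # state (10/11 = on) and digits 5-6 the signature state (00 = up to date).
    $hex     = '{0:x6}' -f $p.productState
    $enabled = $hex.Substring(2, 2) -in '10', '11'
    $current = $hex.Substring(4, 2) -eq '00'
    [pscustomobject]@{
        Product     = $p.displayName
        Enabled     = $enabled
        DefsCurrent = $current
        Status      = if ($enabled -and $current) { 'OK' }
                      elseif (-not $enabled)      { 'FINDING: AV disabled' }
                      else                        { 'FINDING: definitions out of date' }
    }
}

# Defender reports exact ages and versions; use it when it is the active engine.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp -and $mp.AMServiceEnabled) {
    if (-not $mp.RealTimeProtectionEnabled) { 'FINDING: Defender real-time protection disabled' }
    if ($mp.AntivirusSignatureAge -gt $maxDefinitionAgeDays) {
        "FINDING: Defender definitions are $($mp.AntivirusSignatureAge) days old (limit $maxDefinitionAgeDays)"
    }
    "Defender engine $($mp.AMEngineVersion), signatures $($mp.AntivirusSignatureVersion) updated $($mp.AntivirusSignatureLastUpdated)"
}
```

Whether the engine version is the latest cannot be decided offline; compare the reported AMEngineVersion against the vendor's current release as part of the review.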
9. Server Message Block (SMB)
The US National Cybersecurity and Communications Integration Center (NCCIC) recently issued advice that all organizations should block outbound Server Message Block (SMB) traffic at the perimeter firewall: ports 137/139/445. If you are not able to block this traffic for whatever reason, you should at least ensure the protocol is using the highest level of security available.
We recommend the following script be run on every internet-facing device to verify the safety of SMB:
- SMB v1 protocol enabled
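The perimeter block NCCIC recommends belongs on the edge firewall; the added example below (not a Syxsense script) checks the host side: whether SMBv1 is enabled, whether signing is required, and whether a host firewall rule blocks outbound SMB to the Internet as a fallback. With -Remediate it applies the fixes; it assumes an elevated shell and the rule name is an assumption.

```powershell
# Added example (not a Syxsense script): SMB hardening check with optional remediation.
param([switch]$Remediate)

$srv     = Get-SmbServerConfiguration
$cli     = Get-SmbClientConfiguration
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$ruleName = 'Block outbound SMB to Internet'   # assumed rule name for this example
$rule    = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue

$findings = @()
if ($srv.EnableSMB1Protocol)                    { $findings += 'SMBv1 enabled on the server side' }
if ($feature -and $feature.State -eq 'Enabled') { $findings += 'SMB1Protocol optional feature still installed' }
if (-not $srv.RequireSecuritySignature)         { $findings += 'SMB signing not required (server)' }
if (-not $cli.RequireSecuritySignature)         { $findings += 'SMB signing not required (client)' }
if (-not $srv.EncryptData)                      { $findings += 'SMB3 encryption not enforced for shares (review; needs SMB3 clients)' }
if (-not $rule)                                 { $findings += 'No host firewall rule blocking outbound SMB to the Internet' }

if ($findings) { $findings | ForEach-Object { "SMB FINDING: $_" } } else { 'SMB: no findings' }

if ($Remediate) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -RequireSecuritySignature $true -Force
    Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    if (-not $rule) {
        # "Internet" is a built-in Windows Firewall address keyword (non-local ranges).
        New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Action Block `
            -Protocol TCP -RemotePort 139, 445 -RemoteAddress Internet | Out-Null
        New-NetFirewallRule -DisplayName "$ruleName (UDP)" -Direction Outbound -Action Block `
            -Protocol UDP -RemotePort 137, 138 -RemoteAddress Internet | Out-Null
    }
}
```

Removing the SMB1Protocol feature takes effect after a reboot; encryption is reported only, since enforcing it cuts off clients that cannot speak SMB3.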
10. Legacy / Obsolete / Out of Support Software
Our number one vulnerability is obsolete operating systems and software. It is widely recommended, by Syxsense and by security advisories such as those from US Homeland Security and the UK National Cyber Security Centre, to ensure all software in use is up to date, and that includes operating systems.
Any software which is obsolete, and therefore no longer supported by the vendor, should be upgraded or uninstalled. Ransomware infection is much easier when the vendor is no longer fixing security bugs that are publicly known.
We recommend the following script be run on every device to identify legacy software:
- Legacy Software Found
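The added example below (not a Syxsense script) flags an operating system that has left extended support and produces an installed-software inventory for review. The end-of-support table is a small constructed subset keyed on version and product type (Windows 10/11 and Server 2016 onward have per-build dates and are deliberately not covered); maintain it from the vendors' lifecycle pages.

```powershell
# Added example (not a Syxsense script): out-of-support OS check and software inventory.
$os       = Get-CimInstance Win32_OperatingSystem
$ver      = [version]$os.Version
$isServer = $os.ProductType -ne 1    # 1 = workstation, 2 = domain controller, 3 = server

# "major.minor|server?" -> end of extended support. Constructed subset; same version
# numbers cover different products on client and server, hence the ProductType key.
$endOfSupport = @{
    '6.0|False' = '2017-04-11'   # Windows Vista
    '6.0|True'  = '2020-01-14'   # Windows Server 2008
    '6.1|False' = '2020-01-14'   # Windows 7
    '6.1|True'  = '2020-01-14'   # Windows Server 2008 R2
    '6.2|False' = '2016-01-12'   # Windows 8
    '6.2|True'  = '2023-10-10'   # Windows Server 2012
    '6.3|False' = '2023-01-10'   # Windows 8.1
    '6.3|True'  = '2023-10-10'   # Windows Server 2012 R2
}
$key = "$($ver.Major).$($ver.Minor)|$isServer"
if ($endOfSupport.ContainsKey($key) -and (Get-Date) -gt [datetime]$endOfSupport[$key]) {
    "FINDING: $($os.Caption) ($($os.Version)) left extended support on $($endOfSupport[$key])"
} elseif ($ver.Major -lt 10) {
    "REVIEW: $($os.Caption) ($($os.Version)) is not in the table; check its lifecycle"
}

# Installed software from both the native and WOW6432Node Uninstall hives, oldest
# install first, so end-of-life products can be reviewed against vendor notices.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object InstallDate | Format-Table -AutoSize
```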
How Syxsense Can Help
In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.
Experience the Power of Syxsense
Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.