Skip to main content
Patch Management

10 Vulnerabilities You Should Be Scanning For

By August 16, 2021June 22nd, 2022No Comments
||

10 Vulnerabilities You Should Be Scanning with Syxsense

Are you scanning for these vulnerabilities in your environment? We have selected the most urgent security gaps that you should remediate.

[vc_empty_space]
[vc_single_image image=”146225″ img_size=”full”]

Vulnerabilities Have Rapidly Increased in 2021

The latest intelligence confirms ransomware attacks are on the rise. Not only are attacks getting more sophisticated, the ransom demands are constantly growing.

One third of all incidents this year are attributed to ransomware attacks or attempts to gain access to a network or intellectual property. In order to stop attackers from demanding payment for an encryption key, it’s never been more important to start scanning for security gaps.

Top 10 Vulnerabilities

These 10 security vulnerabilities should be scanned for within your environment.

These are based on the current threats we see being exposed and what has been weaponized or used to gain entry over the past year.

[vc_single_image image=”84930″ img_size=”full” css_animation=”fadeIn” css=”.vc_custom_1602218454042{padding-right: 20px !important;padding-left: 20px !important;}”]

Additionally, we have also recommended some of our scripts to run on your devices using Syxsense Secure to see if any of these have been found, and if so we recommend remediating these as soon as possible.

1. Autoplay

Some of the worst types of attack were transported using the simplest form of delivery: USB, mapped drive, or CD/DVD drive. One such virus known as Down ‘n Up or Conficker would infect a mapped drive and every user who logged on would automatically become infected and pass on the virus.

With many users still working from home, it is entirely possible the micro SD from the camera, or the USB drive used for school work could easily infect your system.

We recommend the following scripts be scanned on every device, and the features disabled where found:

  • Autoplay enabled for non-volume devices
  • Autoplay feature enabled for all drives
  • Autorun enabled

2. Simple Passwords

One of the trickiest issues to identify is the vast number of local accounts on your devices which are not using hardened passwords, or local accounts which do not require the password to be changed regularly.

We recommend the following scripts be scanned on every device in order to improve your local user hygiene:

  • Password complexity requirements is disabled
  • User password never expires
  • User password not required

We also know users like to keep the same password for everything, and unless you protect those local accounts with a minimum password age, nothing stops the users from cycling through to their favorite password.

  • Minimum password age less than 1 day
[vc_single_image image=”38756″ img_size=”full” onclick=”custom_link” css_animation=”fadeIn”]

3. Peer-to-Peer Software

Although owning peer-to-peer sharing is not illegal, it can be used to download illegal software, music and videos. You never can tell what you are downloading, especially since a lot of software downloaded from peer-to-peer sites are actually counterfeit, or worse, obfuscated rootkits and viruses.

We recommend the following scripts be scanned on every device to identify where peer-to-peer software or peer-to-peer binaries are installed which could act as a gateway to downloading ransomware:

  • Peer-to-peer application detected
  • Peer-to-peer binary detected

4. Windows Firewall

The basic Windows Firewall, if implemented correctly, can protect a system from many forms of attack, especially ransomware. The firewall comes with the operating system and should be enabled and configured if you have no other firewall in place.

We recommend the following scripts be scanned on every device:

  • Firewall Disabled (Windows)
  • Firewall Disabled (non-Windows)

5. Windows File Extensions

Your users build habits when running their applications and saving documents to their drives. Would your users know the difference between an icon logo which looks like Outlook, Word, Excel, and the one they use every day if it was located on the user’s desktop?

We recommend the following scripts be scanned on every device to help your users avoid opening suspicious files and applications that are in fact ransomware in disguise:

  • File Extensions Hidden
[vc_single_image image=”38151″ img_size=”full” onclick=”custom_link” link=”https://www.syxsense.com/start-a-free-trial-of-syxsense”]

6. Browser Extensions

A recent announcement by Google suggested they had detected 295 browser extensions on their platform which were caught collecting user keystrokes, clipboard content, cookies, and more. Browser extensions have become extremely popular recently with many offering monetary benefits like voucher codes. These browser extensions run within the browser, and simply await the user to run their payload.

We recommend the following scripts be scanned on every device to protect your browser from these kinds of attacks:

  • Malicious Chrome Extension (Google)
  • Malicious Chrome Extension (Edge)
  • Malicious Chrome Extension (Opera)

7. Remote Desktop Services

Remote Desktop and Remote Access is one the favorite avenues to attack for many hackers. Often devices are visible from the internet and are not sufficiently protected that over a single weekend, those devices are identified and by Monday, your network is under siege.

We recommend the following scripts to be run to ensure these are protected:

  • RDC use 3389 default port for connections
  • RDP connection encryption not set to High

We would also recommend scanning the following security vulnerability for all internet facing devices after every weekend to see if any attempts have been made:

  • Account Locked
  • Multiple Logins Attempted

8. Antivirus

Ensuring your Antivirus is running should be simple, however there are also known issues with the antivirus software itself that are often overlooked (such as memory leaks). Your antivirus is the last line of defense against the most sophisticated of ransomware attacks, so ensuring it is healthy should be one of your top priorities.

We recommend the following scripts be scanned on every device to verify your antivirus is trustworthy to protect your devices:

  • Antivirus Not Detected
  • Antivirus Definition over 21 Days
  • AV Disabled
  • AV Engine Not Up-to-Date

9. SMB

The US National Cybersecurity & Communications Integrations Center (NCCIC) recently issued advice that all organizations should block outbound Server Message Block (SMB) traffic at the perimeter firewall: Ports 137/139/445. If you are not able to block this traffic for whatever reason, you should at least ensure the protocol is using the highest level of security algorithm.

We recommend the following scripts be scanned on every internet facing device to verify the safety of SMB:

  • SMB v1 protocol enabled

10. Legacy / Obsolete / Out of Support Software

Our number one vulnerability is obsolete operating systems and software. It is widely recommended by both Syxsense and other security advisories such as US Homeland Security and the UK National Cyber Security Centre to ensure all software used is up to date, that includes operating systems.

Any software which is obsolete, and therefore no longer supported by the vendor, should be upgraded or uninstalled. Infection from ransomware is much easier if the vendor is no longer fixing security bugs which are publicly aware.

We recommend the following scripts be scanned on every device to identify legacy software:

  • Legacy Software Found

How Syxsense Can Help

Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features.

In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.

[vc_separator]

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1590698033746{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Leave a Reply