Reports on vulnerabilities, and a warning to the defence sector.
Welcome to Cyber Security Today. It’s Friday, February 26th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To hear the podcast click on the arrow below:
Two reports on vulnerabilities were released this week: A security firm called Imperva said the number of web and database vulnerabilities discovered last year dropped just over two per cent compared to 2019. On the other hand, Skybox Security said the number of malware, ransomware and other vulnerabilities it found last year was record-breaking. I’ll deal with that report in a minute.
The dominant root cause of web and database vulnerabilities found by Imperva was web site coding flaws called cross-site scripting. The second most common root cause was vulnerabilities that allowed hackers to inject malicious code into websites. Taking advantage of injection-related vulnerabilities was the tactic most favoured by attackers last year. Attackers usually deploy this tactic through malicious email and social media links. In addition the report found that hackers are also taking advantage of vulnerabilities in application programming interfaces, or APIs.
For defenders a web application firewall will help protect websites and databases from these kinds of attacks. But it will also help if web and software developers improve the rigorousness of their coding to close holes.
In its report Skybox Security said the number of new software and application vulnerabilities continues to increase. In fact, it says, many were actually discovered in 2019 but only reported on last year.
It also warned IT departments to be careful how they prioritize patching of vulnerabilities. Usually administrators put a priority on bugs rated critical by the Common Vulnerability Scoring System, followed by high severity vulnerabilities and then medium severity. But, the report says, a medium-severity bug may be high risk in a particular organization. Determine risk first, then the priority of patching.
(Clarification: The original story said the Imperva and Skybox sections on vulnerabilities conflicted. It should have made clear each measured vulnerabilities in different ways. The Imperva report only looked at vulnerabilities in web applications and databases. The Skybox report had a wider definition)
Finally, a threat group dubbed Lazarus has recently been targeting the defence sector of a number of companies, according to a new report from Kaspersky. The way they do it is through targeted spear-phishing emails with a malicious Microsoft Word document attached. Usually, the messages claimed to have updates on COVD-19 infections, and look like they come from a medical centre. If the potential victim has macros in Microsoft Office turned off, there will be instructions on how to turn them on so when the document opens malware is downloaded.
One victim organization had a good protection strategy of separating its corporate network with internet access and a restricted network with sensitive data but with no internet access. The attacker got around that by getting the login credentials for the router used by network administrators that connected to both systems. It isn’t clear how those credentials were obtained but one possibility is the passwords was saved in a browser password manager, or the administrators didn’t use multifactor authentication.
The FBI says Lazarus has links to North Korea.
Don’t forget on this afternoon you can catch the Week In Review edition of the podcast, where I discuss some of this week’s news with a guest commentator. Today Terry Cutler and I will discuss the need for mandatory incident reporting and the valuable IT network information hackers get from scanning the internet. You can listen on your way home or on the weekend. The podcast should be live after 3 pm Eastern.
That’s it for today. Links to details about these stories are in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.