The year of 2019 is coming to an end, but the exploits and unpatched vulnerabilities live on. Many cybersecurity threats have cropped up over the last 12 months, and in this review, we'll take a look at some of 2019's top exploits and patch trends. From the BlueKeep exploit to various vendor software issues, this past year has been rife with cybersecurity highlights and controversies.
Taking stock of the last year's top cybersecurity issues can help you make sure your organization's security efforts are up to snuff – as well as help you prepare for the coming year of patching and updating without pulling your hair out. Get a fresh start in 2020 with a clean slate and good cyber hygiene.
BlueKeep Exploit Released by Metasploit team
What is the BlueKeep exploit? BlueKeep, also known as CVE-2019-0708, is a vulnerability that exists in the Remote Desktop Protocol (RDP) service of older Windows OS, including Windows XP, Windows 2003, Windows 7, Windows Server 2008, and Windows Server 2008 R2. Microsoft released a patch for BlueKeep in their May 2019 Patch Tuesday update.
At that time, BlueKeep was highlighted as a “wormable” threat, which means the vulnerability can “self-propagate” and spread to other devices – similar to how the EternalBlue exploit was used to help spread WannaCry ransomware to millions of computers in 2017.
Cyber security experts say that Eternal Blue was weaponized so quickly and effectively because the NSA developed a stable exploit that was easy to use right out of the gate. BlueKeep is less stable and more likely to cause errors resulting in the infamous “blue screen of death.” While details of the BlueKeep vulnerability were closely guarded, the addition of this exploit to the Metasploit Framework means the barrier to entry for exploitation has been removed.
The publicization of a BlueKeep exploit by Metasploit means that even less skilled attackers can now attempt to take advantage of this vulnerability. While the details of BlueKeep were initially kept under wraps, Metasploit's release means that BlueKeep will continue to be a substantial security threat, especially for unpatched systems.
There are still hundreds of thousands of machines that haven't been patched for BlueKeep, and those machines will remain at risk – especially since the innately curious will undoubtedly try their hand at victimizing unprotected devices. The commercial accessibility of BlueKeep highlights the fact that it is an effective vulnerability that will continue to put unguarded devices at risk.
What you can do to protect yourself against exploit? Fortunately, there are several ways users can protect their networks against the BlueKeep threat. In addition to applying Microsoft's patch, disabling or changing the settings for RDP on at-risk machines can mitigate the risk of exploitation. Without due diligence in cyber hygiene efforts, BlueKeep will continue to put machines and infrastructure at risk – especially given the widespread availability of the BlueKeep exploit.
Microsoft's Emergency Internet Explorer Patch
What is the emergency Internet Explorer patch? In September 2019, Microsoft released an emergency patch for Internet Explorer exploit that is reportedly live and being used in the wild. Through this zero-day vulnerability, CVE-2019-1367, attackers can use a malicious web page to gain elevated privileges – and ultimately, seize control of the victim system.
This vulnerability effects IE versions 9, 10 and 11 – and while it may be hard to believe, there are still people out there using Internet Explorer.
What you can do to protect yourself against exploit? While these attack vectors are not exactly new, the out-of-band update from Microsoft serves to highlight the severity of this particular flaw. Security experts recommend patching for the IE vulnerability within 24 hours, even if it's not your primary web browser. One unprotected endpoint can leave an entire environment at risk and increase your network's attack surface – not exactly a good look.
EternalBlue continues to wreak havoc
What is EternalBlue? First leaked two years ago, EternalBlue continues to be a menace to unprotected machines. Information on the EternalBlue exploit is readily available – which makes it quite attractive to malicious actors.
In May 2019, the EternalBlue exploit was used to infect the city of Baltimore's infrastructure with robbinhood ransomware. The attack has cost the city over $18 million, and has prompted much debate over who is at fault: The city of Baltimore for their failure to address a widely known security vulnerability, or the federal government for their role in developing the EternalBlue exploit.
What you can do to protect yourself against exploit? Patching for EternalBlue is easy with a cloud-native, automated patch management solution like Automox. Exploits are unavoidable, and once a vulnerability gets publicized, the best course of action for any organization looking to keep their infrastructure is to patch for those vulnerabilities.
Equifax hack continues to be costly
What is the Equifax data breach? The Equifax data breach was first reported in 2017, but the company is still feeling its effects. Two years later, Equifax is facing a $1.4 billion settlement after personal data for 150 million Americans was compromised.
This is the second largest breach in history – but it is shaping up to be the most expensive. Equifax's data breach was completely preventable; a patch for the vulnerability used to compromise their systems was available for months before the attack took place.
What you can do to protect yourself against exploit? The Equifax breach stands as a testament to the importance of regular patching: Failure to patch for critical vulnerabilities in a timely manner is a major risk to take, and it can end up being quite costly.
Vendor Patching Highlights
Apple originally patched for a critical vulnerability back in May with their iOS 12.3 update – but then reintroduced the vulnerability with their 12.4. update. The flaw can let malicious applications run code on iPhones with system privileges. Additional updates from Apple do resolve this vulnerability – highlighting the importance of insuring all your devices are running the most recent version of your device's software. Any necessary fixes are likely going to be included in the newest update, and by running the most recent version of software, you can help ensure your machines are protected.
Security researchers have found two dozen errors in security updates for Apache Struts, a popular open-source web development application. According to the researchers, updates from Apache list incorrect versions affected by the vulnerabilities. The big concern with this is that users may incorrectly think the version of Apache Struts they are using is not affected by these security bugs and delay patching – leading them to continue using an application that's vulnerable.
Ensuring you're using the most recent version of Apache Struts is the best way to combat this problem, as the newest version will contain fixes for these security issues.
Recently, if a user updated for a bug in Windows Defender, they could have suffered some serious repercussions. Specifically, an update caused Microsoft's built-in antivirus to fail if a user was running commonly used scans. This means that deploying the patch for Windows Defender was able to interfere with antivirus accuracy. Although this issue has already been resolved by Microsoft, the bug in the Windows Defender update highlights the importance of layering your security solutions. By employing an additional layer of security, you can combat the risk of having a single point of failure.
Trends in Cybersecurity: Product Layering and Diversity
Between the IE zero-day vulnerability and the Windows Defender bug, there are clearly substantial risks involved with solely relying on OEM (Original Equipment Manufacturer) products. In the case of the Windows Defender patch issue, utilizing a secondary antivirus product, such as Cylance or SentinelOne, prevents the risks associated with relying on an OEM product. It's not unusual for an update in OEM product to disrupt the functionality of another. Layered security is the best way to combat problems that may crop up with individual security options. Instead of being worried about the potential ramifications of deploying necessary security updates, users can instead employ a multitude of independent security tools to keep their systems safe.
Layering your security controls and maintaining diversity can also help organizations reduce the risk of succumbing to a single point of failure. Diversity in your security efforts is crucial to minimizing your attack surface and hardening endpoints. For example, your patch deployment efforts can be strengthened by having full endpoint visibility.
Make Cyber Hygiene a 2020 Resolution
Cyber hygiene is all about doing your due diligence and reducing your risks as much as possible. For consumers, this means applying patches regularly –and ensuring that all devices and infrastructure are running the most recent versions of OS and applications.
Patching is crucial to minimizing your attack surface and keeping attackers at bay. Running the most recent version of software can also help resolve any issues or vulnerabilities an older edition may have. Stay updated, but make sure you have checks and balances in place to ensure everything on your network is running as it should.
Simply put, improving your endpoint hardening with modern, automated tools will increase your velocity and remediate your exposure. Today’s mature organizations remediate and patch faster with less effort and can avert attacks altogether.
Find out where you stand with our Endpoint Hardening Maturity Matrix. We offer actionable guidance to move up on your path to impactful cyber hygiene.
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.