Expert Comments

NSA Publishes List Of Top 25 Vulnerabilities Targeted By Chinese Hackers

Expert(s): Security Experts
Expert(s): Security Experts

The US National Security Agency has published today an in-depth report detailing the top 25 vulnerabilities that are currently being consistently scanned, targeted, and exploited by Chinese state-sponsored hacking groups.

Experts Comments

Dot Your Expert Comments
Dr. Anton Grashion
October 23, 2020
EMEA Director
Corelight

This is especially true for high profile targets such as governmental agencies, but also healthcare providers and educational institutions.
Organisations should have a vulnerability patch management system in place, but when it comes to multiple bugs being leveraged as entry points it becomes harder to prioritise their severity and the urgency to patch. Ideally, all software vulnerabilities would be addressed as soon as the vendor is made aware and releases a patch. This is especially true for high profile targets such as governmental agencies, but also healthcare providers and educational institutions. However, operational.....Read More
Organisations should have a vulnerability patch management system in place, but when it comes to multiple bugs being leveraged as entry points it becomes harder to prioritise their severity and the urgency to patch. Ideally, all software vulnerabilities would be addressed as soon as the vendor is made aware and releases a patch. This is especially true for high profile targets such as governmental agencies, but also healthcare providers and educational institutions. However, operational reasons often dictate that the pace of update is sub-optimal when viewed through a cybersecurity lens. In these instances, wherever upgrading isn't possible, it is advisable to have a network monitoring system in place, which should be equipped to detect the signs of an attempt to exploit known vulnerabilities, and could also provide detailed visibility into lateral movement through an organization's network. This is also vital as a forensic tool should a security incident occur.  Read Less
Niamh Muldoon
October 23, 2020
Senior Director of Trust and Security EMEA
OneLogin

as well as provide assurance that exploitation risks associated with these identified vulnerabilities are patched.
This in-depth report again emphasises the importance of having an enterprise-wide, comprehensive security program incorporating people, process and technical controls. To tackle vulnerabilities requires equal emphasis placed on collaboration between people across the organisation to prioritize and address the vulnerabilities, patch management processes as well as vulnerability assessment tooling that has the ability to highlight the classification of the information asset, where the.....Read More
This in-depth report again emphasises the importance of having an enterprise-wide, comprehensive security program incorporating people, process and technical controls. To tackle vulnerabilities requires equal emphasis placed on collaboration between people across the organisation to prioritize and address the vulnerabilities, patch management processes as well as vulnerability assessment tooling that has the ability to highlight the classification of the information asset, where the vulnerability exists. CISOs should be speaking to their leadership teams about the security posture of their technology environment that delivers their key products and services, as well as provide assurance that exploitation risks associated with these identified vulnerabilities are patched.  Read Less
Robert Byrne
October 23, 2020
Field Strategist
One Identity

Allow access to specific ports only from a predefined list of IPs by using a firewall
The details published today by the NSA of the top 25 vulnerabilities being leveraged by state-sponsored hackers is a stark reflection on patching policies of organizations. There are vulnerabilities dating back over 3 years in the list, which should have been addressed by now. It’s important to have a procedure in place to update vulnerable software as soon as possible from the date the fix has been released. Sometimes it is not always practical or possible to update software straight away.....Read More
The details published today by the NSA of the top 25 vulnerabilities being leveraged by state-sponsored hackers is a stark reflection on patching policies of organizations. There are vulnerabilities dating back over 3 years in the list, which should have been addressed by now. It’s important to have a procedure in place to update vulnerable software as soon as possible from the date the fix has been released. Sometimes it is not always practical or possible to update software straight away as certain elements rely on a specific version or the update requires scheduling downtime, however, a plan and a timeline should be put in place. Organisations should be asking the questions: 1. Why it can’t be patched now? Is the software we are using/system using the software so out of date that we need to change it? 2. What can we do to protect ourselves while unpatched? Allow access to specific ports only from a predefined list of IPs by using a firewall, or block access to the system using the software from the internet completely Is the current risk associated low enough to not patch – no sensitive information could be stolen, no other systems are connected, no possibility of leveraging the exposed vulnerability into something more nefarious? This risk assessment should be carried out by trained professionals 3. When will we patch?"  Read Less
Jamie Akhtar
October 23, 2020
CEO and Co-founder
CyberSmart

Making sure software is up to date (and thus patches for known vulnerabilities are in place) is one of the five fundamental rules of cyber hygiene.
People have the impression that cyber crime is sophisticated and difficult to protect against. But as this news demonstrates, even highly professional criminals are often just exploiting known vulnerabilities that organisations and the public haven't taken the time to address. Making sure software is up to date (and thus patches for known vulnerabilities are in place) is one of the five fundamental rules of cyber hygiene. The UK government has developed a scheme that covers these fundamentals.....Read More
People have the impression that cyber crime is sophisticated and difficult to protect against. But as this news demonstrates, even highly professional criminals are often just exploiting known vulnerabilities that organisations and the public haven't taken the time to address. Making sure software is up to date (and thus patches for known vulnerabilities are in place) is one of the five fundamental rules of cyber hygiene. The UK government has developed a scheme that covers these fundamentals to help all businesses and their staff understand and maintain basic security.  Read Less
Oleg Kolesnikov
October 23, 2020
VP of threat research
Securonix

it is important to understand the types of technologies used by an organisation
The excellent work from NSA on the Top 25 software security issues and exploits list operationalised by the state-sponsored actors from NSA is a great starting point, but it likely does not apply to all organisations in the same way. In particular, it is important to understand the types of technologies used by an organisation that are in-scope for the exploits, as well as how exactly the software security issues listed by NSA are leveraged by attackers operationally to better detect and.....Read More
The excellent work from NSA on the Top 25 software security issues and exploits list operationalised by the state-sponsored actors from NSA is a great starting point, but it likely does not apply to all organisations in the same way. In particular, it is important to understand the types of technologies used by an organisation that are in-scope for the exploits, as well as how exactly the software security issues listed by NSA are leveraged by attackers operationally to better detect and mitigate them in your environments. For instance, for the CVE-2020-5902, the known exploits targeting the issue typically enable attackers to spawn a reverse bash shell running as tomcat after sending a specially crafted JDBC request over tcp port 443 containing an unsafe serialization payload, which might need to be factored in both in terms of the detection and mitigation mechanisms that can be leveraged to effectively detect and protect against current and future variants of this attack. Also, for some of the software security exploits mentioned, the corresponding log sources required, such as your Remote Access, VPN, or Web Services, often are not monitored properly by some organisations, so this is a good example of the importance of expanding your visibility in these areas and implementing the ability to effectively monitor the activity associated with these technologies and log sources to be able to detect the latest attacks as part of your defense- and detection-in-depth security strategy.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

15 Schools Hit By Cyberattack In Nottinghamshire

Qualys Hit With Ransomware And Customer Invoices Leaked

Experts Reaction On PrismHR Hit By Ransomware Attack

Expert Insight On Ryuk’s Revenge: Infamous Ransomware Is Back And...

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords