NSA Warns Of Russian Hacker Attacks – Industry Comment

Following the NSA’s warning that a Russian hacker group has been exploiting a known vulnerability in Exim, please find commentary from an industry leader.

Expert Comments

June 01, 2020
Wai Man Yau
Vice President
Sonatype
The NSA’s revelation that a Russian military group is targeting an open source vulnerability - reported nearly a year ago - is an extreme example of what can happen when businesses don’t practice proper software hygiene. With as many as 57% of publicly reachable mail servers on the Internet using Exim, if businesses are using unpatched versions, the scale of attacks could be huge. The flaw has been listed on the National Vulnerability Database since 2019, and safe versions are available, so in theory, companies should be protected. But theory and practice are sadly very different, and all too often companies fail to fix faults in their software. The incident once again brings software hygiene to the fore, and underscores the urgent need for businesses to maintain a software ‘bill of materials’ to manage, track and monitor components in their applications, and to identify, isolate, and remove vulnerabilities like this one. Without one, they’re in a race against time to try and find the flaw before their adversaries do. Yet worryingly, only 53% of organisations track what’s going into their software. Companies using Exim must patch their software urgently to prevent a breach. However, it’s important that as an industry, we recognise that these kinds of attacks aren’t isolated events. Vulnerabilities that are known, but older, are prime targets for attack campaigns - companies without open source practices may forget such flaws exist. But hackers won't. This latest incident shows that it has become open season on open source, and until software supply chain security best practices become commonplace, hacker groups will continue to target such applications.