These old security vulnerabilities are creating new opportunities for hackers
Old security vulnerabilities in corporate networks are leaving organisations at risk from ransomware and other cyber attacks as hackers look to actively exploit unpatched systems and legacy software.
Analysis by cybersecurity researchers at F-Secure suggests that 61% of security vulnerabilities which exist in corporate networks are from 2016 or even older, despite patches being available for five years or more. Some of the vulnerabilities which continue to be exploited to breach networks are more than a decade old.
One of the most common unpatched vulnerabilities plaguing businesses is CVE-2017-11882, an old memory corruption issue in Microsoft Office including Office 365 which was uncovered and patched in 2017, but had existed since 2000. According to F-Secure, it’s one of the most actively exploited vulnerabilities on Windows.
The vulnerability requires little interaction from the user, making it useful for cyber criminals running phishing campaigns. Researchers note that since it was detailed in 2017, the vulnerability has regularly been used by hacking groups, including Cobalt Group.
Other common vulnerabilities detailed in the research paper include CVE-2012-1723, a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7, which was detailed in 2012 and CVE-2013-1493.
Security patches are available to protect against these vulnerabilities and have been available for years, but many organisations haven’t applied the updates, leaving them vulnerable to various cyber criminal intrusions.
SEE: Cybersecurity: Let’s get tactical (ZDNet special report)
According to the report, organisations see ransomware as the key cybersecurity threat they face, but the exploits can also be exploited by cyber criminals looking to implant trojan malware, or gain access to networks by stealing usernames and passwords.
But it’s not just cyber criminals which pose a risk to organisations, nation-state backed hacking groups will often use the exact same vulnerabilities because they can be used to provide relatively easy access to networks.
Identifying and managing vulnerabilities can be a difficult task, especially for large organisations with vast IT estates, but the most effective way to prevent cyber criminals from exploiting vulnerabilities is for the IT department and information security teams to know what’s on the network and move to protect it, via applying security patches, hardening defences or both.
“Organisations that understand their IT estates, what opportunities they have to detect attacks, and what risks and threats are facing their industry, can prepare themselves to mitigate most of the damages caused by the kind of ransomware attacks we see today,” said F-Secure global head of incident response Joani Green, who also warned that plans should be put in place about how deal with successful attacks.
“Detecting attacks is obviously the first step, but organizations that prepare a full plan for responding can put a stop to these incidents in a matter of hours instead of days or weeks,” she said.
MORE ON CYBERSECURITY