CS Sep-Oct 2021

More documents

Recommendations

Info

global intelligence CYBER AGENCIES FLEX THEIR GLOBAL MUSCLES INTERNATIONAL ALLIES SHARE DETAILS OF TOP 30 VULNERABILITIES THAT WERE ROUTINELY EXPLOITED BY MALICIOUS ACTORS IN 2020 Advice on countering the most publicly known-and often dated-software vulnerabilities has been published for private and public sector organisations worldwide. It is part of a global initiative to combat cyber attacks by sharing intelligence and creating a united front. The cyber agencies behind the drive are the UK's National Cyber Security Centre (NCSC), Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC) and Federal Bureau of Investigation (FBI) have published a joint advisory*, highlighting 30 vulnerabilities routinely exploited by cyber actors in 2020 and those being exploited in 2021. In 2021, malicious cyber actors continued to target vulnerabilities in perimeter-type devices. Today's advisory lists the vendors, products, and CVEs, and recommends that organisations prioritise patching those listed. GLOBAL CYBER WEAKNESSES "We are committed to working with allies to raise awareness of global cyber weaknesses - and present easily actionable solutions to mitigate them," states NCSC director for operations, Paul Chichester. "The advisory… puts the power in every organisation's hands to fix the most common vulnerabilities, such as unpatched VPN gateway devices. Working with our international partners, we will continue to raise awareness of the threats posed by those that seek to cause harm." As well as alerting organisations to the threat, the advisory directs public and private sector partners to the support and resources available to mitigate and remediate these vulnerabilities. Meanwhile, guidance for organisations on how to protect themselves in cyberspace can be found on the NCSC website. The centre’s '10 Steps to Cyber Security collection' (https://www.ncsc.gov.uk/collection/10-steps) provides a summary of advice for security and technical professionals. On the mitigation of vulnerabilities, network defenders are encouraged to familiarise themselves with guidance on establishing an effective vulnerability management process. EARLY WARNING SYSTEM Elsewhere, the NCSC's Early Warning Service (https://www.ncsc.gov.uk/information/earlywarning-service) also provides vulnerability and open port alerts. This is a free NCSC service designed to inform your organisation of potential cyber attacks on your network as soon as possible. The service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources, which includes several privileged feeds not available elsewhere. To sign up to the NCSC's Early Warning Service, go to: https://www.earlywarning.service.ncsc.gov.uk /?referrer=acdwebsite. So, what exactly does the service do? Early Warning filters millions of events that the NCSC receives every day and, using the IP and domain names you provide, correlates those which are relevant to your organisation into daily notifications for your nominated contacts via the Early Warning portal. Organisations that are signed up receive the following highlevel types of alerts: 28 computing security September 2021 @CSMagAndAwards www.computingsecurity.co.uk
global intelligence Incident Notifications - activity that suggests an active compromise of your system. For example: a host on your network has most likely been infected with a strain of malware Network Abuse Events - this may be indicators that your assets have been associated with malicious or undesirable activity, such as a client on your network has been detected scanning the internet Vulnerability and Open Port Alerts - indications of vulnerable services running on your network or potentially undesired applications are exposed to the internet. For example: you have a vulnerable application or have an exposed Elasticsearch service. Cyber security researchers will often uncover malicious activity on the internet or discover weaknesses in organisations security controls and release this information in information feeds. In addition, the NCSC or its partners may uncover information that is indicative of a cyber security compromise on a network. The NCSC will collate this information and use this data to alert organisations about potential attacks on their networks. There are two types of alerts that will be sent out when an alert has been detected for any organisation: Daily Threat Alert - this includes Incident Notifications and Network Abuse Reports Weekly Vulnerability Alert - this includes Vulnerability and Open Port Alerts. The organisation involved can then use this information passed on by Early Warning to investigate the issue and implement appropriate mitigation solutions where required. The NCSC's website provides advice and guidance on how to deal with most cyber security concerns. BENEFITS OF EARLY WARNING By signing up to Early Warning, an organisation will be alerted to the presence of malware and vulnerabilities affecting its network. Early Warning will notify on all cyber attacks detected by feed suppliers against that particular organisation. "This should not be used as the only layer of defence for a network," cautions the NCSC. "Early Warning should complement your existing security controls." ENHANCING SECURITY Early Warning aims to enhance security by increasing awareness of the low-grade incidents that could become much bigger issues, so that organisations can act on these at the earliest opportunity, so that they have increased confidence in the security of their networks. Other key considerations: The service is free and fully funded by the NCSC Early Warning does not conduct any active scanning of a networks itself. (However, some of the feeds may use scan-derived data - eg, from commercial feeds.) CISA executive assistant director for Cybersecurity, Eric Goldstein, comments: "Organisations that apply the best practices of cyber security, such as patching, can reduce their risk to cyber actors exploiting known vulnerabilities in their networks. Collaboration is a crucial part of CISA's work and we have partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organisations should prioritise for patching to minimise risk of being exploited by malicious actors." For his part, FBI cyber assistant director Bryan Vorndran had this to add: "The FBI remains committed to sharing information with public and private organisations in an effort to prevent malicious cyber actors from exploiting vulnerabilities. "We firmly believe that coordination and collaboration with our federal and private sector partners will ensure a safer cyber environment to decrease the opportunity for these actors to succeed." LIFT COLLECTIVE DEFENCES Head of the ACSC, Abigail Bradshaw CSC, believes the guidance will be valuable for enabling network defenders and organisations to lift collective defences against cyber threats. "This advisory complements our advice available through cyber.gov.au and underscores the determination of the ACSC and our partner agencies to collaboratively combat malicious cyber activity." Amongst those who see attacks and breaches every day out in the commercial world, Jon Fielding, managing director, EMEA Apricorn, sees the NCSC joint advisory as a great demonstration of collaboration and the growing need to mitigate against these common threats. "We are in a software age and digitalisation is being embraced by more and more businesses, but, in doing so, the risks are extended, as security fails to keep pace with the level of software development which can provide a weak link into a corporate network. Ultimately, businesses will never be 100% secure and, whilst the joint advisory is a positive step, data needs to be kept offline and encrypted wherever possible. Employing a hardware-centric approach, void of software involvement and encrypting sensitive data wherever it resides [server, laptop, removable media] is imperative, so that, if defences are breached, you remain protected." * https://us-cert.cisa.gov/ncas/alerts/aa21-209a www.computingsecurity.co.uk @CSMagAndAwards September 2021 computing security 29
Page 1 and 2: Computing Security Secure systems,
Page 3 and 4: comment 2021 COMPUTING SECURITY AWA
Page 5 and 6: There’s a difference between feel
Page 7 and 8: ADISA ICT Asset Recovery Standard 8
Page 9 and 10: UNIQUE EVENT FOR THE CYBER SECURITY
Page 11 and 12: ansomware BASIC SECURITY IS ESSENTI
Page 13 and 14: 50 % OFF RANSOMWARE PREVENTION & PR
Page 15 and 16: information security things, but, w
Page 17 and 18: health check This has enabled indiv
Page 19 and 20: global intelligence will have impli
Page 21 and 22: all at sea CRUISING FOR A BRUISING
Page 23 and 24: all at sea Secondly, adversaries' c
Page 25 and 26: information security more effective
Page 27: new-world shakeup for every employe
Page 31 and 32: CS Nominations 2021 NOMINATIONS OPE
Page 33 and 34: APTs malware to install backdoors t
Page 36: Pragmatic and experienced risk mana

CS Sep-Oct 2021

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?