The ongoing commercialisation of cybercrime is producing increasingly specific attack vectors. Malware campaigns use exploit kits to search automatically for vulnerabilities in common applications in order to infiltrate infrastructures. Companies are facing a new challenge: their attack surface is growing, and they have to deal with vulnerabilities in their infrastructure more intensively and in more detail.
Hackers – the digital intruders
The house key in the flowerpot next to the entrance, a poorly closing back door or a basement window that is always tilted: there are many little things in buildings that are convenient or not ideal in everyday life but hardly bother anyone or cause major problems. People with malicious intent and good powers of observation, on the other hand, see such carelessness as good prerequisites for a successful burglary.
This picture can be transferred to the current threat situation in IT security. Nowadays, attackers carry out cyberattacks with business efficiency. For their malware campaigns, which they distribute via phishing, drive-by downloads or malvertising, they increasingly use exploit kits.
Exploit kits are used to automatically search for vulnerabilities and weaknesses in common software or firmware that enable a hacker to quickly gain extensive access rights and control over the infrastructure.
Exploit kits, whose actual purpose is bug fixing in software development, are used as a tool in this way. Thus, the effort required for an “intrusion” is minimised, the attack is applied to any number of targets with one click, and the chances of success are massively increased.
In addition, exploit kits and the corresponding ransomware campaigns are available for affordable amounts. By offering them, the providers reduce their own risk: others do the work for them, and if an attack succeeds, the providers profit through a previously agreed share of the extorted ransom.
Basic to intermediate programming skills are usually sufficient to use the code, which is offered mainly, but by no means exclusively, on the darknet. This enormously increases the circle of potential perpetrators hoping for a quick profit and contributes to the general threat situation becoming more severe, as a large number of attacks, in the form of mass campaigns, can be expected.
Overview of the most frequently found vulnerabilities in 2022 with lywand.
For an individual company, this simultaneously means that the attack surface that their IT infrastructure represents has increased: Little things that played at best a minor role in their cybersecurity just a few years ago can now have devastating effects. The most common vulnerabilities currently found in corporate infrastructures are as follows:
Updates to common software frequently also contain patches for discovered defects. These updates are not always installed as soon as they become available, because the announced improvements appear marginal and not urgently needed at first glance. In addition, patch notes explaining which functions have been fixed do not immediately indicate to what extent the defects could pose a threat to security.
Even a basic SSL setup can pose risks, as some default settings can serve as a gateway for attackers. These include, in particular, outdated certificates and weak hash algorithms, which make it easier for criminals to intercept login data.
The configuration of web servers can harbour numerous security risks. Insecure scripts that transmit sensitive data or server information in plain text, insecure modules, web applications or file permissions open up a wide variety of attack vectors for cybercriminals.
Insecure plug-ins, extensions, and scripts as well as database errors are typical and usually widely known security risks in content management systems. Of more concern, however, is the fact that content management systems are updated only irregularly or much too late.
IT managers sometimes shy away from updating because a software update can bring changes in operation that users have to get used to. An update is therefore put on the back burner until time is found to deal with the innovations and possibly handle increased support requests.
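As an added example (not lywand's code and not from the original article), the following Python routine shows what an automated check for the certificate and web-server points above looks like: it flags expired or soon-expiring certificates, MD5/SHA-1 certificate signatures, and version strings disclosed in response headers. It works on data in the shape that `ssl.getpeercert()` and an HTTP response provide; the 30-day threshold, the header list and the sample values are constructed assumptions.

```python
import re
import ssl
from datetime import datetime, timedelta, timezone

# Assumption: signature hashes treated as weak for certificate signatures.
WEAK_SIG_HASHES = ("md5", "sha1")
# Assumption: response headers that commonly leak software and version details.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")


def audit_tls_certificate(cert, sig_alg, now=None, warn_days=30):
    """Return findings for a cert dict shaped like ssl.getpeercert() output.

    cert["notAfter"] uses OpenSSL's text format ("Jan 15 12:00:00 2023 GMT"),
    which ssl.cert_time_to_seconds() parses as UTC. sig_alg is the signature
    algorithm name as openssl prints it, e.g. "sha1WithRSAEncryption".
    """
    findings = []
    now = now or datetime.now(timezone.utc)
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expiry < now:
        findings.append(f"certificate expired on {expiry.date()}")
    elif expiry - now < timedelta(days=warn_days):
        findings.append(f"certificate expires within {warn_days} days ({expiry.date()})")
    if sig_alg.lower().startswith(WEAK_SIG_HASHES):
        findings.append(f"weak certificate signature hash: {sig_alg}")
    return findings


def audit_response_headers(headers):
    """Flag headers that reveal server software together with a version number."""
    findings = []
    for name, value in headers.items():
        if name.lower() in DISCLOSURE_HEADERS and re.search(r"\d+\.\d+", value):
            findings.append(f"version disclosed in {name}: {value}")
    return findings


if __name__ == "__main__":
    # Constructed sample data standing in for a live getpeercert() and response.
    sample_cert = {"subject": ((("commonName", "www.example.invalid"),),),
                   "notAfter": "Jan 15 12:00:00 2023 GMT"}
    sample_headers = {"Server": "Apache/2.4.41 (Ubuntu)",
                      "X-Powered-By": "PHP/7.4.3",
                      "Content-Type": "text/html"}
    audit_time = datetime(2024, 5, 1, tzinfo=timezone.utc)
    for finding in (audit_tls_certificate(sample_cert, "sha1WithRSAEncryption", audit_time)
                    + audit_response_headers(sample_headers)):
        print("FINDING:", finding)
```

In a real audit the certificate dict comes from `ssl.SSLSocket.getpeercert()` after a TLS handshake and the headers from the HTTP response; the findings then feed the patch and reconfiguration work described below.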
The list of potential entry points for attackers clearly shows that in order to secure the increased attack surface, IT managers in companies are required to be meticulous, almost to the point of obsessiveness. The continuous checking of all components of the IT infrastructure requires expert-level IT security knowledge and, moreover, a great deal of time that is hardly available in the context of daily tasks. The operational costs for IT security therefore increase enormously for companies, which would mean disproportionately high expenses, especially for small and medium-sized enterprises.
IT service providers undertake a comprehensive renovation of the IT security situation
One way out of this dilemma is for companies to outsource IT security and rely on automation. MSSPs perform regular automated security audits and ensure that necessary patches are installed, misconfigurations are eliminated and additional required protective measures are applied. With the help of such automation, companies receive reliable service that is in line with their budget and is gentle on their capacities.