Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Cybersecurity Snapshot: 6 Things That Matter Right Now

Cybersecurity Snapshot: 6 Things That Matter Right Now -- Aug. 19

Topics that are top of mind for the week ending Aug. 19 | A ransomware defense blueprint for SMBs. Why phishing is getting worse and what to do about it. The government revises its cybersecurity guidance for pipeline operators. A roundup of important vulnerabilities, trends and incidents. And much more!

1. A ransomware defense guide for SMBs

Here’s a new resource for small and medium-sized businesses looking for help preventing ransomware attacks. Using the Center for Internet Security (CIS) Critical Security Controls as a foundation, the Institute for Security and Technology (IST) has just released its “Blueprint for Ransomware Defense.” 

Ransomware guide for SMBs

This 16-page guide offers SMBs “an action plan for ransomware mitigation, response and recovery” and recommends 40 safeguards, including:

  • Identify what’s on your network, both in terms of technology being used and of data being stored or transmitted. Create an asset inventory and a data management process.
  • Protect what’s on your network, via secure configurations, account and access management, vulnerability management and employee security awareness.
  • Have an incident response plan in place so that you can act quickly and deliberately if an attack occurs.
  • Establish and maintain a data recovery process.

For more information:

2. Phishing risk: It’s getting worse

A new phishing study shows that this form of cybercrime is booming, with the number of attacks spiking and profits swelling. Phishing risk is a serious concern for organizations, as employees get bombarded with legit-looking emails and texts that try to dupe them into revealing confidential data about themselves or their employers. Plus, many threat actors such as ransomware groups and initial access brokers use phishing as an initial vector to more complex attacks. 

Based on an analysis of millions of phishing reports, Interisle Consulting Group’s “Phishing Landscape 2022: An Annual Study of the Scope and Distribution of Phishing” found that, comparing the 12-month period of May 2021 to April 2022 with the same period the prior year:

  • Phishing attacks grew 61% to 1.12 million
  • Domain names reported for phishing rocketed 72% to 854,000
  • Malicious domain name registrations surged 83% to 588,321
  • Cryptocurrency phishing increased 257%

So what can be done? Here are some of the report’s recommendations:

  • Enterprises can eliminate silos in the naming, addressing and hosting ecosystem so that policies and mitigation practices are more effective.
  • Registrars, registries and hosting providers must respond more quickly in a more coordinated and determined manner to phishing complaints and incidents.
  • Governments need to pass legislation and adopt regulations that clarify what operators must do to validate user identity, lawful access and respond to phishing incidence.

More information about phishing:

3. Vulnerabilities associated with 2021’s top malware

Right after the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) outlined the top malware of 2021, Tenable’s Security Response Team identified vulnerabilities associated with these malicious strains.

In a blog post, SRT research engineers Claire Tills and Satnam Narang explain that, while the list of vulnerabilities isn’t exhaustive, it offers a starting point for organizations looking to cut off known attack paths exploited by the most prolific malware.

Check out the table below for the vulnerabilities and read the blog post to get detailed analysis and insights, including:

  • 14 of the 17 vulnerabilities are in Microsoft products.
  • Nine of the flaws could lead to code execution.
  • All but four of the vulnerabilities are more than two years old.
  • The oldest was patched in 2015.
  • Only one is an elevation of privilege flaw.
CVEDescriptionCVSSv3VPR*
CVE-2015-5122Adobe Flash Player user-after-freev2 10.09.7
CVE-2016-0189Scripting Engine memory corruption7.59.8
CVE-2016-4171Adobe Flash Player arbitrary code execution (apsa16-03)9.88.9
CVE-2017-0144Windows SMB remote code execution (EternalBlue)8.19.6
CVE-2017-0199Microsoft Office/WordPad remote code execution7.89.8
CVE-2017-11882Microsoft Office memory corruption7.89.9
CVE-2017-8570Microsoft Office remote code execution7.89.8
CVE-2017-8750Microsoft Browser memory corruption7.58.9
CVE-2017-8759.NET Framework remote code execution7.89.8
CVE-2018-0798Microsoft Office memory corruption8.89.8
CVE-2018-0802Microsoft Office memory corruption7.89.8
CVE-2018-14847MikroTik RouterOS remote code execution9.18.8
CVE-2020-0787Windows Background Intelligent Transfer Service elevation of privilege7.89.8
CVE-2021-34527Windows Print Spooler remote code execution (PrintNightmare)8.89.8
CVE-2021-40444Microsoft MSHTML remote code execution7.89.8
CVE-2021-43890Windows AppX installer spoofing vulnerability7.19.7
CVE-2022-30190Microsoft Windows Support Diagnostic Tool remote code execution (Follina)7.89.8

*Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly. These VPR scores are current as of Aug. 18.

Source: Tenable Research, August 2022

More information:

4. Among IoT adopters, security is now less of a concern

Security concerns aren’t as big of a barrier to IoT adoption as they were five years ago, according to the Wi-SUN Alliance’s “The Journey to IoT Maturity” report, which surveyed 300 IT pros in the U.S. and the U.K. involved in IoT implementation projects. Security is also seen as less of a technical challenge today.

By contrast, respondents are more worried about data privacy issues, as well as about big data rollouts and regulation, according to the industry group’s report.

That’s not to say that security has become a non-issue. On the contrary, it remains a major challenge for IoT success, along with the cost of implementation failures, the IT infrastructure’s complexity and the need to see proven return-on-investment (ROI.)

Security also features prominently elsewhere in the report – specifically the “security and surveillance” use case, which ranks among the top IoT initiatives respondents are most likely to roll out in the next 12 to 18 months, along with:

  • Distribution automation
  • Advanced meter infrastructure
  • Smart parking
  • Electric vehicle charging

For more information:

5. TSA updates security requirements for pipeline operators

After facing criticism, the U.S. government’s Transportation Security Administration (TSA) has revised its cybersecurity requirements for oil and natural gas pipelines, aiming to make them clearer and more flexible by basing them on performance and outcomes. 

The first iteration of the requirements, released in mid-2021 in response to the Colonial Pipeline ransomware attack, were more prescriptive, and that made them confusing and difficult to adopt.

TSA logo

The revised directive’s guidance includes:

  • Implement network segmentation so that compromises of operational technology (OT) systems don’t hobble IT systems, and vice versa.
  • Prevent unauthorized access to critical systems via access control measures.
  • Continuously monitor and detect cyberthreats and fix anomalies that affect systems.
  • Patch and update critical systems with a timely, risk-based process.

Requirements include:

  • Establish and execute a TSA-approved implementation plan that describes the cybersecurity measures being used to achieve security outcomes.
  • Develop and maintain a plan to respond to cybersecurity incidents that disrupt operations or impact business.
  • Establish an assessment program to test and audit cybersecurity measures and identify and resolve vulnerabilities in devices, networks and systems.
  • Report significant cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA.)
  • Establish a cybersecurity point of contact. 
  • Conduct an annual cybersecurity vulnerability assessment.

More information:

6. Quick takes

Here’s a roundup of vulnerabilities, trends, news and incidents from the world of cybersecurity to have on your radar screen.

Vulnerabilities to watch

Trends

Incidents

News

(Tenable Senior Research Engineer Claire Tills contributed to this blog.)

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.