In this four-part series, Systal’s SOC Analyst Abbey Adegbola delves into the adversary trends affecting the ever-evolving cybersecurity landscape, starting with the ‘Exploitation of Misconfigurations and Unpatched Systems’.
Cybersecurity is a rapidly evolving field, and staying ahead of the latest threats is vital for security teams, organisations and individuals alike. Most organisations are focused on the continued evolution of generative AI, but there are other critical adversary trends that will shape the evolving threat landscape. In my time within cybersecurity, I have never seen any technology or trend explode like generative AI, especially with frontier models such as ChatGPT, but there are other prevalent and critical issues in cybersecurity as threat actors continue to advance in technique and complexity.
In this series of articles, we will take a closer look at some of the highly significant issues that have been affecting the present cybersecurity landscape. One vital trend that will be examined in this post is the continued exploitation of misconfigurations and unpatched systems by threat actors.
Continued Exploitation of Misconfigurations and Unpatched Systems
Misconfigurations and unpatched systems are among the most critical issues confronting cloud environments and public-facing infrastructure. Over the past couple of years, there has been a significant increase in the successful exploitation of these issues by threat actors, resulting in massive impact, large data breaches and losses for organisations across different sectors.
Misconfigurations are a major issue and a popular target for threat actors. They range from private services inadvertently made publicly accessible to systems exposed with default credentials and sensitive information. Threat actors are constantly scanning and enumerating tools and services for weak passwords, unsecured ports, unsecured databases, default configurations, misconfigured cloud services and insecure network configurations. The biggest threat to securing cloud environments is misconfiguration, which significantly increases the likelihood of data breaches and unauthorised access by threat actors.
A recent threat report by Sophos shows that unpatched known vulnerabilities were involved in over one-third of ransomware attacks in the past year. Threat actors such as the Akira ransomware group have been noted to exploit known vulnerabilities in the Cisco Adaptive Security Appliance (ASA) VPN feature to gain initial access to enterprise environments, while the Russian state-sponsored threat group Fancy Bear continues to exploit known vulnerabilities in organisations’ unpatched Microsoft Exchange servers. Earlier this year, Chinese APT groups actively exploited zero-day vulnerabilities in Ivanti Connect Secure VPN devices. In the early stages of that campaign, even organisations that responded quickly would struggle, as Ivanti was not quick to release patches, leaving organisations with no option but to apply mitigations while waiting for a patch to be released.
According to Cisco Talos’ annual Year in Review for 2023, the most targeted vulnerabilities were older security weaknesses in applications and systems. This underscores threat actors’ inclination to target unpatched systems where exploitation can cause massive impact and disruption. In most cases, these vulnerabilities have been well known for many years, giving users and organisations ample time to patch them. This trend will remain widespread if organisations continue to neglect effective patch management.
Therefore, organisations need to do better by maintaining good security practices, as many ongoing issues and flaws in enterprise security boil down to poor hygiene and administrative negligence.
Systal’s Capabilities to Protect Organisations
It is essential for organisations of any size to have in place a robust and effective cybersecurity program that encompasses the fundamental security practices. However, many organisations find it difficult to create and maintain a robust cybersecurity program and a healthy cybersecurity culture that can keep pace with the threat landscape. Systal offers a broad range of cybersecurity services, from security operations, digital forensics and incident response to professional services that fully manage a customer’s security and protect their digital assets and environment. Our strong capabilities in continuous monitoring and managed detection and response can help organisations protect themselves against ever-evolving and sophisticated cyber threats.
Systal Operational Services offer a comprehensive framework to protect your organisation’s digital health and resilience using cutting-edge technology. With a dedicated global SOC and proven Cyber Security Incident Response Team (CSIRT), our services are meticulously designed to proactively monitor, manage, detect, respond, and remediate potential cyber threats.
Next in the series, we will be examining the abuse of native system tools and utilities by threat actors in order to stay stealthy and evade detection by security tools.
Abbey Adegbola is an experienced Security Engineer working with Systal Technology Solutions. Abbey brings over seven years of IT support experience and SOC analyst experience into the Security team within Systal, providing security engineering support and L3 SOC analysis services to Systal’s customers and internal Security Team. Abbey is also a skilled malware analyst and reverse engineer who works to support the capabilities of Systal’s Cyber Security and Incident Response Teams.