Tenable Blog

Cybersecurity Snapshot: 6 Things That Matter Right Now -- Aug. 19

Topics that are top of mind for the week ending Aug. 19 | A ransomware defense blueprint for SMBs. Why phishing is getting worse and what to do about it. The government revises its cybersecurity guidance for pipeline operators. A roundup of important vulnerabilities, trends and incidents. And much more!

1. A ransomware defense guide for SMBs

Here’s a new resource for small and medium-sized businesses looking for help preventing ransomware attacks. Using the Center for Internet Security (CIS) Critical Security Controls as a foundation, the Institute for Security and Technology (IST) has just released its “Blueprint for Ransomware Defense.” 

This 16-page guide offers SMBs “an action plan for ransomware mitigation, response and recovery” and recommends 40 safeguards, including:

  • Identify what’s on your network, both in terms of technology being used and of data being stored or transmitted. Create an asset inventory and a data management process.
  • Protect what’s on your network, via secure configurations, account and access management, vulnerability management and employee security awareness.
  • Have an incident response plan in place so that you can act quickly and deliberately if an attack occurs.
  • Establish and maintain a data recovery process.

2. Phishing risk: It’s getting worse

A new phishing study shows that this form of cybercrime is booming, with the number of attacks spiking and profits swelling. Phishing risk is a serious concern for organizations, as employees get bombarded with legit-looking emails and texts that try to dupe them into revealing confidential data about themselves or their employers. Plus, many threat actors such as ransomware groups and initial access brokers use phishing as an initial vector for more complex attacks.

Based on an analysis of millions of phishing reports, Interisle Consulting Group’s “Phishing Landscape 2022: An Annual Study of the Scope and Distribution of Phishing” found that, comparing the 12-month period of May 2021 to April 2022 with the same period the prior year:

  • Phishing attacks grew 61% to 1.12 million
  • Domain names reported for phishing rocketed 72% to 854,000
  • Malicious domain name registrations surged 83% to 588,321
  • Cryptocurrency phishing increased 257%

So what can be done? Here are some of the report’s recommendations:

  • Enterprises can eliminate silos in the naming, addressing and hosting ecosystem so that policies and mitigation practices are more effective.
  • Registrars, registries and hosting providers must respond more quickly in a more coordinated and determined manner to phishing complaints and incidents.
  • Governments need to pass legislation and adopt regulations that clarify what operators must do to validate user identity, lawful access and respond to phishing incidents.

3. Vulnerabilities associated with 2021’s top malware

Right after the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) outlined the top malware of 2021, Tenable’s Security Response Team identified vulnerabilities associated with these malicious strains.

In a blog post, SRT research engineers Claire Tills and Satnam Narang explain that, while the list of vulnerabilities isn’t exhaustive, it offers a starting point for organizations looking to cut off known attack paths exploited by the most prolific malware.

Check out the table below for the vulnerabilities and read the blog post to get detailed analysis and insights, including:

  • 14 of the 17 vulnerabilities are in Microsoft products.
  • Nine of the flaws could lead to code execution.
  • All but four of the vulnerabilities are more than two years old.
  • The oldest was patched in 2015.
  • Only one is an elevation of privilege flaw.

| CVE | Description | CVSSv3 | VPR* |
|---|---|---|---|
| CVE-2015-5122 | Adobe Flash Player use-after-free | v2 10.0 | 9.7 |
| CVE-2016-0189 | Scripting Engine memory corruption | 7.5 | 9.8 |
| CVE-2016-4171 | Adobe Flash Player arbitrary code execution (apsa16-03) | 9.8 | 8.9 |
| CVE-2017-0144 | Windows SMB remote code execution (EternalBlue) | 8.1 | 9.6 |
| CVE-2017-0199 | Microsoft Office/WordPad remote code execution | 7.8 | 9.8 |
| CVE-2017-11882 | Microsoft Office memory corruption | 7.8 | 9.9 |
| CVE-2017-8570 | Microsoft Office remote code execution | 7.8 | 9.8 |
| CVE-2017-8750 | Microsoft Browser memory corruption | 7.5 | 8.9 |
| CVE-2017-8759 | .NET Framework remote code execution | 7.8 | 9.8 |
| CVE-2018-0798 | Microsoft Office memory corruption | 8.8 | 9.8 |
| CVE-2018-0802 | Microsoft Office memory corruption | 7.8 | 9.8 |
| CVE-2018-14847 | MikroTik RouterOS remote code execution | 9.1 | 8.8 |
| CVE-2020-0787 | Windows Background Intelligent Transfer Service elevation of privilege | 7.8 | 9.8 |
| CVE-2021-34527 | Windows Print Spooler remote code execution (PrintNightmare) | 8.8 | 9.8 |
| CVE-2021-40444 | Microsoft MSHTML remote code execution | 7.8 | 9.8 |
| CVE-2021-43890 | Windows AppX installer spoofing vulnerability | 7.1 | 9.7 |
| CVE-2022-30190 | Microsoft Windows Support Diagnostic Tool remote code execution (Follina) | 7.8 | 9.8 |

*Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly. These VPR scores are current as of Aug. 18.

Source: Tenable Research, August 2022

4. Among IoT adopters, security is now less of a concern

Security concerns aren’t as big of a barrier to IoT adoption as they were five years ago, according to the Wi-SUN Alliance’s “The Journey to IoT Maturity” report, which surveyed 300 IT pros in the U.S. and the U.K. involved in IoT implementation projects. Security is also seen as less of a technical challenge today.

By contrast, respondents are more worried about data privacy issues, as well as about big data rollouts and regulation, according to the industry group’s report.

That’s not to say that security has become a non-issue. On the contrary, it remains a major challenge for IoT success, along with the cost of implementation failures, the IT infrastructure’s complexity and the need to see proven return-on-investment (ROI).

Security also features prominently elsewhere in the report – specifically the “security and surveillance” use case, which ranks among the top IoT initiatives respondents are most likely to roll out in the next 12 to 18 months, along with:

  • Distribution automation
  • Advanced meter infrastructure
  • Smart parking
  • Electric vehicle charging

5. TSA updates security requirements for pipeline operators

After facing criticism, the U.S. government’s Transportation Security Administration (TSA) has revised its cybersecurity requirements for oil and natural gas pipelines, aiming to make them clearer and more flexible by basing them on performance and outcomes. 

The first iteration of the requirements, released in mid-2021 in response to the Colonial Pipeline ransomware attack, was more prescriptive, and that made them confusing and difficult to adopt.

The revised directive’s guidance includes:

  • Implement network segmentation so that compromises of operational technology (OT) systems don’t hobble IT systems, and vice versa.
  • Prevent unauthorized access to critical systems via access control measures.
  • Continuously monitor and detect cyberthreats and fix anomalies that affect systems.
  • Patch and update critical systems with a timely, risk-based process.

Requirements include:

  • Establish and execute a TSA-approved implementation plan that describes the cybersecurity measures being used to achieve security outcomes.
  • Develop and maintain a plan to respond to cybersecurity incidents that disrupt operations or impact business.
  • Establish an assessment program to test and audit cybersecurity measures and identify and resolve vulnerabilities in devices, networks and systems.
  • Report significant cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA).
  • Establish a cybersecurity point of contact. 
  • Conduct an annual cybersecurity vulnerability assessment.

6. Quick takes

Here’s a roundup of vulnerabilities, trends, news and incidents from the world of cybersecurity to have on your radar screen.

Vulnerabilities to watch

  • Zoom has patched a vulnerability affecting its macOS app.

Trends

Incidents

News

  • A “quantum computing resistant” algorithm chosen recently as a finalist in a U.S. government competition barely put up a fight against a single-core CPU.

(Tenable Senior Research Engineer Claire Tills contributed to this blog.)
