It is becoming increasingly challenging to keep up with emerging cyber threats that are even more dangerous and destructive than their forerunners. Time and again, we are reminded of how difficult it is to keep our IT environments secure in the face of highly sophisticated cyberattacks. That said, internal IT teams and Managed Service Providers (MSPs) must continue to enhance and automate their security processes and leverage new tools to stay ahead of cybercriminals.
Let’s start off with some of the most recent cybersecurity warnings and then we’ll discuss a few of the measures companies should put in place to minimize the associated security risks.
Critical Vulnerabilities That Expose Your Business to Cyberattacks
Microsoft recently released a round of patch updates (14 April 2020 Patch Tuesday) to fix 113 vulnerabilities across its different software products. In March there was a critical vulnerability referred to as ‘SMBGhost’ and ‘EternalDarkness’ by security vendors. This ‘wormable’ Windows vulnerability, CVE-2020-0796, impacts the Server Message Block or SMBv3 network communications protocol. A patch for this vulnerability was released “out-of-band” in March.
This vulnerability can be exploited to enable remote, arbitrary code execution and take control of a system. Since this vulnerability is being touted as ‘wormable’, it can be used by an attacker to quickly move from one victim to another, just like the EternalBlue exploit enabled the rapid spread of WannyCry back in 2017.
As more people have switched to remote work following the COVID-19 lockdowns, another more recent Microsoft vulnerability worth mentioning is CVE-2020-0935, which exploits the Windows desktop application — OneDrive. According to Microsoft, this “important” (i.e. lower priority) vulnerability is a privilege elevation risk that takes advantage of how the OneDrive desktop app for Windows handles symbolic links. An attacker can exploit this vulnerability to overwrite a targeted file and achieve elevated status. This would allow them to take control of the Windows system. An attacker would already need to be logged on to your Windows system before being able to exploit this vulnerability, hence the lower level of risk.
Software vulnerabilities such as these require you to constantly be on guard to protect your IT environment from cyberattacks.
Remote Work Escalates Your Cybersecurity Risk
Since many businesses have switched to remote work, there has been a discernible spike in the use of collaboration tools like Zoom, that allow ‘work from home’ employees to have virtual meetings. However, this abrupt surge in the usage of Zoom has revealed a number of cybersecurity flaws in the service.
According to this Computer Weekly article, Check Point threat researchers recently published a report on a sudden spike in the use of fraudulent Zoom domains that lure in unsuspecting users and steal their private information. In his March 30, 2020 blog, Patrick Wardle, a principal security researcher at Jamf and former NSA cybersecurity hacker, highlighted two critical zero-day Zoom exploits.
These vulnerabilities affected the Apple MacOS Zoom client and have now been patched. Hackers could exploit one of these vulnerabilities to gain privileged root access to install spyware or malware. The other vulnerability enabled hackers to inject malicious code into Zoom and gain access to the victim’s microphone and webcam.
According to Tal Zamir, the CTO and co-founder at Hysolate, the world is likely to witness a surge of cyberattacks on videoconferencing and collaboration tools, such as Slack, Zoom and Teams, given the fact that they all have a wide attack surface.
How You Can Protect Your IT Environment and Remote Worker Computers
In the same Computer Weekly article, Aleksandr Yampolskiy, CEO of SecurityScorecard said, “All thirdparty risks should be taken very seriously, including Zoom. Having continuous monitoring in place is critical to minimize security risks, particularly in times like today when companies are turning to new vendors for tools to enable productive remote work, like Zoom, without always vetting them thoroughly.”
A key point to remember is the importance of keeping your systems up to date with the latest security patches to constantly safeguard them against potential cyberattacks. Timely patching of software vulnerabilities is critically important to mitigate security risk in your IT environment.
Here is a list of strategies that you can adopt to enhance your IT security, even as your workers continue to work from home:
- Automate patch and vulnerability management, using a reliable remote monitoring and endpoint management solution, to keep your systems up to date and protected against potential cyber threats.
- Backup your systems and SaaS app data to ensure efficient and quick recovery from ransomware and other attacks.
- Deploy advanced AV/AM solutions that provide endpoint detection and response (EDR) to keep your endpoints secure.
- Use an endpoint management solution that allows you to manage all of the above from a single console.
Download our Cybersecurity Statistics Infographic to learn more.