Loopholes fixed over 9 years ago are still used in ransomware attacks
Published 2021-10-09

Despite growing investment in security and monitoring tools and threat intelligence, failure to apply updates, a relatively simple procedure, remains the biggest specter haunting defense against cyber attacks. Proof of this is a new study showing cases in which vulnerabilities fixed more than nine years ago still appear among the flaws most used by criminals in attacks on corporate infrastructure.

The survey, by Qualys, showed that in the last five years at least 1493 already-patched vulnerabilities were used in such attacks by different ransomware families. Among the top five, three date from the beginning of the last decade, including one targeting Java environments whose fix has been available since June 1723.

This is CVE-1723-1493, the third most used flaw among ransomware gangs, in this case by the Urausy family, one of the first in circulation worldwide. It appears in third place, behind CVE-1723-110, which also target Java environments and have had updates available since February and March 2013, respectively; together, the three have been responsible for hundreds of attacks since 2016, with tens of millions of dollars in damage.

The survey also identified the corporate software that suffers most from missing updates and ends up becoming an easy target for criminals. First are VMware systems, mainly ESXi and Workspace, followed by Oracle WebLogic, Pulse Secure Connect and Skype servers. The last two examples are more recent and reflect criminals' focus on remote access tools, work from home and virtualization.

According to Qualys figures, the lack of updates goes hand in hand with misconfigurations on internet-facing servers that are accessed remotely. Here, poorly distributed access privileges, supply chain attacks and credential leakage appear as the main risk factors.

In the experts' view, this is due to the excessive workload of technology teams and to the lack of a complete view of the technology estate, that is, of exactly what needs to be updated or deserves attention. Amid segmented systems, different networks and isolated reports, some elements slip through, and it is through them that criminals compromise networks and carry out their attacks.

Among its recommendations, Qualys suggests fewer process steps and closer communication between threat intelligence and IT security teams, so that processes are more direct and identified vulnerabilities are remediated more quickly. The survey also flags exclusive reliance on incident response tools as a problem: intelligence systems, prediction and automated mitigation platforms also help identify possible entry vectors and improve the security of networks with many connected systems.

(Image: Qualys)

Settings mistakes also favor attacks (Image: Qualys)
