Don’t Let Celebrity Vulnerabilities Steal Your Focus
Celebrity vulnerabilities tend to attract a lot of attention in the cyber security industry. High-profile attacks on major companies can lead to weeks of unwanted publicity, with dozens of commentators and security experts weighing in on what went wrong and how the situation can be prevented going forward. But focusing on celebrity vulnerabilities isn’t a great strategy when it comes to reducing overall risk. These attacks make up a small percentage of the overall threat landscape. Don’t make the mistake of focusing on celebrity vulnerabilities when setting your cyber security priorities.
The State of Vulnerability Management
Vulnerability management, along with the cyber security threat landscape, continues to evolve beyond what’s happening in the news. Companies across industries are dealing with more types of threats than ever before.
Here’s a look at just how difficult detecting vulnerabilities has become:
- 42% of determined cyberattacks were the result of application software bugs.
- 44% of companies surveyed said risk assessment and audit are the biggest cloud compliance challenges.
- 80% of determined data breaches originated with a third party, and 29% of companies have no visibility into the security of their third-party partners.
- 85% of companies surveyed said they sacrificed security to enable remote work quickly.
Notable Celebrity Cyber Security Threats
We’ve seen dozens of high-profile attacks over the last few years. Cyber attacks are becoming more prevalent and dangerous with every passing year. Hackers are targeting essential IT infrastructures like municipalities, healthcare organizations, and even utility companies. These are just some of the recent attacks that still keep cybersecurity analysts up at night:
2010: Stuxnet – CVE-2010-2772
Stuxnet was first used against an industrial system. It obtained sensitive information from the company after infiltrating Windows and PC systems, while concealing the breach from the victim. The hackers created the attack with the victim and specific information in mind.
2014: Shellshock – CVE-2014-6271 and Heartbleed – CVE-2014-0160
Shellshock allowed hackers to execute code on a remote server. It is easy to exploit through web applications as the attacker creates an HTTP request.
Heartbleed was an SSL vulnerability that tricked a computer into sending sensitive information through a heartbeat message. This revealed the contents of the RAM and let the hacker access a private encryption key that could lead to server impersonation. Affected websites such as Tumblr, Google, Yahoo, Intuit, Dropbox, Netflix, and Facebook have since fixed the bug.
2018: Spectre – CVE-2017-5753, CVE-2017-5715 and Meltdown – CVE-2017-5754
Spectre is a class of security vulnerabilities that affects modern microprocessors that perform branch prediction and other forms of speculation. This can leave sensitive data vulnerable to hackers if the branch misprediction leaves observable side effects.
Meltdown is a hardware vulnerability that affects Intel x86 microprocessors, IBM POWER processors, and some ARM-based microprocessors. It allows a rogue process to read all memory, even when it is not authorized to do so. It has affected all devices running any but the most recent and patched versions of iOS, Linux, macOS, or Windows.
2019: BlueKeep – CVE-2019-0708
BlueKeep is a software vulnerability that affects older versions of Microsoft Windows, attacking a system’s RDP and spreading rapidly. The threat can easily spread from one device to the next without users even interacting with one another. It has resulted in the changing of data, creation of new user profiles, and installation of malicious programming.
2020: Microsoft Exchange RCE – CVE-2020-0688
In another attack on Microsoft, the Exchange RCE (Remote Code Execution) bug exploited emails, which enabled it to browse and leak emails from various accounts. The attackers were able to bypass user authentication and steal login credentials, remotely executing commands and taking over servers.
2021: SolarWinds Serv-U – CVE-2021-35211
SolarWinds was the victim of a major cyberattack that went undetected for months as it spread to the company’s clients. The vulnerability allowed the attackers to spy on private companies and even elite sections of the U.S. government. Malicious code was added to the company’s regular updates sent to clients, after which the hackers would infiltrate the clients’ systems and install more malicious software.
Are High Profile Cyber Attacks Worth Your Attention?
Celebrity vulnerabilities may be on the rise, but that doesn’t mean your VM team should focus on them. Cyber attacks have been gaining increasing publicity over the last few years as we conduct more of our professional and personal business online. Cyber criminals commonly use logos and bug brands to quickly capture attention on the world stage. They are also gaining attention by going after high-profit targets like utilities and government organizations. This helps the criminal gain prominence in their field.
But this growing fame can be a double-edged sword. The mainstream media often picks up these stories using the logos and bug brands to label the attack. This often attracts viewers that wouldn’t normally take an interest in security, which can turn the malware or vulnerability into a household name.
But VM managers shouldn’t let these high-profile incidents distract them from vulnerability remediation and the ultimate goal of making their networks safer.
Focus on the Big Picture
Organizations should instead focus on remediating the threats most likely to disrupt their operations. A successful vulnerability prioritization tool must prioritize:
Time is of the essence when it comes to cybersecurity. VM teams should focus on remediating threats as quickly as possible to prevent the hacker from seizing sensitive information.
Reducing the Attack Surface
VM teams should also focus on reducing the overall size of their organization’s attack surface by including all assets in the security inventory and avoiding assets with known vulnerabilities.
Not all vulnerabilities are created equal. Just because a threat may receive a lot of attention doesn’t mean it poses a threat to your organization. VM teams should use automated vulnerability management tools to prioritize threats based on their potential to expose sensitive information or disrupt operations.
Collaboration and Workflow Management
Cyber security is a people process. The right individuals must be notified in real time when a potential vulnerability needs to be remediated. A ticketing system can help VM team members keep track of all threats that need to be resolved. However, the most severe threats should move to the front of the line. IT professionals also need to share this information with company leadership and other departments to ensure that everyone understands how these threats can impact the organization.
Celebrity vulnerabilities may be interesting, but they don’t tell the full story. The full “Don’t Let Celebrity Vulnerabilities Steal Your Focus” report by NopSec reviews statistics that might give you pause if you’re faced with a celebrity vulnerability and are considering dropping everything to address it. Download it today to learn more about the best practices that you should consider when allocating your security resources to maximize your risk management impact.