Rapid7 Releases Vulnerability Report for 2021
Earlier this month, Rapid7, the makers of Metasploit, InsightVM and Nexpose, released their annual Vulnerability Intelligence Report. The report aims to contextualize the vulnerabilities that introduce serious risk to a wide range of organizations. 2020 was a banner year for widespread threats: it represented a 6% increase in published vulnerabilities, and over a 5-year period the count posted an exponential growth rate of 185%. Of the 50 vulnerabilities Rapid7 reviewed, almost two-thirds of the CVEs (Common Vulnerabilities and Exposures) were rated critical, scoring 9.0 or higher on the open CVSS framework. The number of published vulnerabilities will only continue to increase as today's workforce migrates to a more remote, fragmented network landscape. Below are some key takeaways RLCS has extracted from this in-depth security report:
Most security news headlines focused on the Windows CVE-2020-1350 vulnerability and the SolarWinds Orion API exploit, and rightfully so, but a good number of CVEs also affected Cisco, Oracle and Citrix systems across multiple product lines.
Over 78% of the reported CVEs had Deserialization or Improper Access Controls as the vulnerability class at the root of the threat. Those two classes were responsible for 11 of the most severe exploits in 2020.
US agencies are playing a larger role in communicating security and vulnerability information to the media, corporations and cybersecurity stakeholders. While this transparency is welcome, threat actors have accelerated their efforts to exploit those same systems.
Patch bypasses are a large factor in the attack vectors behind the reported CVEs. Software and internet-facing vendors have been far more likely to address issues by closing off a specific attack chain, as opposed to fixing the root cause of reported bugs and vulnerabilities. PrintDemon (CVE-2020-1337) is a prime example of such "whack-a-mole" efforts.
Operational Technology in industrial environments will continue to be a challenging but critical group of attack targets. The reliance on common software libraries and environments allows exploits to be executed remotely and with a limited hacking skillset. Schneider Electric had vulnerabilities in critical process systems in CVE-2020-7486 and CVE-2020-7491.
What Security Guidance can RLCS Provide?
Threats to your business-critical systems are not a new concept, and one-size-fits-all approaches are never a guarantee in cybersecurity. Given the trends in this data-rich report, these are the important steps we use in our security-first mindset that can increase your security posture and minimize vulnerabilities in any enterprise environment, regardless of shape, size or industry.
Patch, and Patch Often
Whether the exploits and vulnerabilities you have been alerted to are widespread or not, patching as soon as the affected business system can be isolated for maintenance is a sound practice to sustain. We recommend implementing a 30-60 day patch cycle to bench test, plan and deploy your updates. If you need additional support on creating a patching policy, or if you would like RLCS to create a managed, security-first IT policy for your business, let us know.
Defense in depth adds to your security posture
Highly skilled attackers do not create their attack chains overnight. As such, building your defense to rely only on the latest security patch for your business system is not a recommended approach. When RLCS creates an enterprise network, we implement layers of security controls, such as on-premise firewall appliances with intrusion detection and prevention systems, end-to-end network traffic encryption, strict access control policies, and security information and event management systems. This layered security approach provides the depth needed by today's business infrastructure. That network vigilance is audited through periodic external penetration tests, using Metasploit Pro and other threat auditing systems.
Keep your IT asset inventory up to date
As your business grows or its products or services adjust, your attack surface also changes. Maintaining a clear, up-to-date IT asset list for all tiers of the NIST ITAM guidance is key to understanding which products might have exploits, with a particular focus on internet-facing assets. RLCS provides IT Risk Assessments with ITAM reports as a way to capture a security baseline for all enterprise clients. Once the critical entry points are found, we can deep-dive into any specific exploits or vulnerabilities associated with the specific components and systems in the field.
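To make the inventory-to-vulnerability mapping described above concrete, here is a small added example (not code from the original post, from Rapid7, or from RLCS) that joins an asset inventory against an advisory list and ranks the unpatched assets so internet-facing systems surface first. The hostnames, version numbers, "fixed in" thresholds and CVSS scores are constructed placeholders; only the CVE identifiers are taken from the post.

```python
"""Rank unpatched assets from an inventory, internet-facing first.

Added example. All inventory rows and advisory version thresholds are
constructed sample data; they are not real patch levels or NVD scores.
"""
from dataclasses import dataclass
from typing import List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn a dotted version string such as "10.0.100" into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))


@dataclass
class Asset:
    hostname: str
    product: str
    version: Version
    internet_facing: bool


@dataclass
class Advisory:
    cve: str
    product: str
    fixed_in: Version   # first version that carries the fix (placeholder values)
    cvss: float         # illustrative score, not the published NVD value


# Constructed inventory: hostnames, versions and exposure flags are made up.
INVENTORY: List[Asset] = [
    Asset("dns-edge-01", "Windows Server DNS", parse_version("10.0.100"), True),
    Asset("dns-core-02", "Windows Server DNS", parse_version("10.0.100"), False),
    Asset("print-01", "Windows Print Spooler", parse_version("10.0.150"), False),
    Asset("print-02", "Windows Print Spooler", parse_version("10.0.200"), False),
    Asset("hmi-01", "Schneider Electric process control", parse_version("1.2"), True),
]

# Constructed advisory table: CVE ids come from the post, everything else is a placeholder.
ADVISORIES: List[Advisory] = [
    Advisory("CVE-2020-1350", "Windows Server DNS", parse_version("10.0.120"), 10.0),
    Advisory("CVE-2020-1337", "Windows Print Spooler", parse_version("10.0.180"), 7.8),
    Advisory("CVE-2020-7486", "Schneider Electric process control", parse_version("1.3"), 9.8),
]


def exposed_findings(inventory: List[Asset], advisories: List[Advisory]) -> List[Tuple[str, str, str]]:
    """Return (hostname, cve, exposure) for every asset still below an advisory's fix version.

    Ordering: internet-facing assets first, then higher CVSS, then hostname, so the
    list reads top-down as a patching priority.
    """
    raw = []
    for asset in inventory:
        for adv in advisories:
            if adv.product == asset.product and asset.version < adv.fixed_in:
                raw.append((asset.internet_facing, adv.cvss, asset.hostname, adv.cve))
    raw.sort(key=lambda f: (not f[0], -f[1], f[2]))
    return [
        (host, cve, "internet-facing" if exposed else "internal")
        for exposed, cvss, host, cve in raw
    ]


if __name__ == "__main__":
    for host, cve, exposure in exposed_findings(INVENTORY, ADVISORIES):
        print(f"{exposure:15} {host:12} {cve}")
```

Note that print-02 drops out of the list because its version is already at or above the placeholder fix threshold; the real value of the exercise is that the inventory, not the headline, decides which advisories actually apply to you.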
While some of this might be somewhat technical and use very specific CTI terminology, it is key to understand that cybersecurity threats and vulnerabilities will continue to be factors in everyday business. If you would like more information on how you can strengthen your business security posture against threat actors, please feel free to reach out via email at firstname.lastname@example.org or call us at (888) 947-5273.