The US Cybersecurity and Infrastructure Security Agency (CISA) recently added three vulnerabilities to its Known Exploited Vulnerabilities list. This requires all government agencies to fix them by October 21, 2022. And, although these CISA warnings should also lead non-governmental organizations to act, not many will.
So, what will be the consequences?
Some organizations will be breached, be publicly exposed, and face penalties and lawsuits. Lucky ones will escape public embarrassment, either because they can hide the breach or because they never even discover that an attack occurred.
Sure, many businesses will escape an attack without doing anything, and believe that they can keep doing so. That is, until the day suddenly comes when something goes wrong.
If you ignore these warnings, and don’t take security seriously, you may find yourself suffering repeated attacks. Cybersecurity is about taking proactive steps to keep your business out of trouble.
Reacting after an attack means the damage is already done.
CISA Warnings Involve New Vulnerabilities
These CISA warnings apply to a remote code execution vulnerability in Atlassian’s Bitbucket Server (used to host and manage code in development), as well as two actively exploited Microsoft Exchange zero-day vulnerabilities.
Although Atlassian has issued patches, no patch is currently available for the server-side request forgery and remote code execution vulnerabilities in on-premises (locally hosted) instances of Microsoft Exchange.
Unfortunately, even the mitigations released so far can be bypassed. Fortunately, these vulnerabilities require authenticated access to exploit. Therefore, blocking remote access to PowerShell commands likely limits the effectiveness of attacks.
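One way to apply the restriction described above on an on-premises Exchange server, as an added example that is not part of the original post or Microsoft's own guidance: audit which users still have remote PowerShell enabled and turn it off for everyone outside an admin role group. It assumes the Exchange Management Shell, that "Organization Management" is the only group that must keep access, and that nested group members are handled separately.

```powershell
# Added example (not from the original post): report, and optionally disable,
# remote PowerShell for Exchange users who are not members of an admin role
# group. Assumes the Exchange Management Shell on an on-premises server; the
# role-group list is an assumption, adjust it to your environment.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$AdminRoleGroups = @("Organization Management")
)

# Accounts that must keep remote PowerShell so administration still works.
# Note: Get-RoleGroupMember does not expand nested groups; review those by hand.
$keep = foreach ($rg in $AdminRoleGroups) {
    Get-RoleGroupMember -Identity $rg -ErrorAction Stop |
        ForEach-Object { $_.DistinguishedName }
}

# Every user object that currently has remote PowerShell enabled and is not
# on the keep list.
$candidates = @(Get-User -ResultSize Unlimited |
    Where-Object { $_.RemotePowerShellEnabled -and $_.DistinguishedName -notin $keep })

# Run with -WhatIf first: it lists what would change without changing anything.
foreach ($u in $candidates) {
    if ($PSCmdlet.ShouldProcess($u.UserPrincipalName, "Disable remote PowerShell")) {
        Set-User -Identity $u.Identity -RemotePowerShellEnabled $false
    }
}
"{0} user(s) had remote PowerShell enabled outside: {1}" -f $candidates.Count, ($AdminRoleGroups -join ", ")
```

Save it as a script and run it with `-WhatIf` before running it for real; service accounts that legitimately script against Exchange will also appear in the list and should be added to the role groups you exclude.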
Researchers also discovered new malware that has already backdoored hundreds of Microsoft SQL servers worldwide.
To respond, your security team should check MSSQL servers for malicious .dll files and for use of TCP redirection for data exfiltration.
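The check suggested above, as an added example that is not part of the original post: from a SQL Server host, list non-Microsoft DLLs loaded into the SQL Server process, user-registered extended stored procedures (the usual way a DLL is exposed as a callable procedure), and TCP connections of the SQL Server process outside its expected listener port. It assumes the SqlServer PowerShell module (Invoke-Sqlcmd), sysadmin rights on the instance, and that 1433 is the only expected listener port.

```powershell
# Added example (not from the original post): audit a SQL Server host for
# unexpected DLLs, user-registered extended stored procedures, and TCP
# connections that could carry redirected or exfiltrated traffic.
# Assumes the SqlServer module and sysadmin rights; $Instance is a placeholder.
param(
    [string]$Instance = "localhost",
    [int[]]$ExpectedPorts = @(1433)   # assumption: default listener only
)

# 1. DLLs currently loaded into sqlservr.exe that are not Microsoft's.
#    Legitimate third-party modules (backup agents, AV filters) show up here
#    too, so review each entry rather than treating every hit as malicious.
$loadedModules = Invoke-Sqlcmd -ServerInstance $Instance -Query @"
SELECT name, company, description, file_version
FROM sys.dm_os_loaded_modules
WHERE company IS NULL OR company NOT LIKE 'Microsoft%'
"@

# 2. Extended stored procedures registered by users (not shipped by Microsoft).
#    User-registered extended procedures always live in master.
$userXps = Invoke-Sqlcmd -ServerInstance $Instance -Query @"
SELECT name, dll_name, create_date, modify_date
FROM master.sys.extended_procedures
WHERE is_ms_shipped = 0
"@

# 3. TCP connections owned by the SQL Server process. A listener on an
#    unexpected port, or an outbound connection the server should not
#    initiate (local port outside the listener list), deserves a closer look.
$sqlPids = (Get-Process -Name sqlservr -ErrorAction SilentlyContinue).Id
$oddConnections = Get-NetTCPConnection -OwningProcess $sqlPids -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -notin $ExpectedPorts -and $_.State -in 'Listen', 'Established' } |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State

"== Non-Microsoft modules loaded in sqlservr.exe =="
$loadedModules | Format-Table -AutoSize
"== User-registered extended stored procedures =="
$userXps | Format-Table -AutoSize
"== SQL Server process TCP connections outside expected ports =="
$oddConnections | Format-Table -AutoSize
```

Linked servers and named instances on other ports will appear in the third list; compare the output against a known-good baseline from a server you trust rather than judging a single run in isolation.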
Those Who Hesitate…
Attacks happen fast – in as little as ten hours. And, if you don’t update your systems as quickly as possible, that spells trouble for you and your business.
Take, for instance, the vulnerabilities and attacks on the popular Zimbra email system. Zimbra is an email platform that, according to the company, powers “hundreds of millions of mailboxes in 140 countries.”
Unfortunately, from May until July, no fewer than five vulnerabilities were detected, with patches being issued along the way for each.
However, due to the speed of attacks through the system, experts note that organizations that didn’t patch quickly should assume attackers exploited the vulnerability before the patches were applied.
If you’re concerned your business might fall into that category, you’ll want to start monitoring for signs of unusual activity and traffic.
Now, it’s easy to have sympathy for organizations that can’t move quickly. Everyone faces moments where they lack resources, have bad days, or miss notices.
Yet, sympathy doesn’t reduce breach consequences, fines, or lawsuit damages if someone can point to credible warnings prior to the breach.
Just look at the following example:
- October/November 2021:
- September 2022: The Los Angeles School District, the second-largest school district in the USA, suffers a widespread attack and breach of 500GB of data from a Vice Society ransomware attack.
Were people sympathetic towards the pressures the school district faced? Sure.
But, could that undo the damage that had been done? Nope.
Whether CISA warnings, or a simple alert from your software that an update is important, you don’t want to put yourself at risk.
Repeat Offenders Could Face Legal Troubles
While educational institutions may not suffer the harshest penalties, because of sympathy for their low budgets, organizations struck repeatedly by attacks won’t be so lucky.
In September 2020, the Netwalker ransomware gang struck the National Immigration agency for Argentina, causing widespread disruption. Nearly two years later, the lessons learned from the Netwalker attack didn’t prevent the PLAY ransomware attack on Argentina’s Judiciary of Cordoba in the “worst attack on public institutions in history.”
Similarly, the global hotel chain, InterContinental Hotels Group Plc (IHG), suffered a payment card hack in 2017 that affected 1,200 hotels in the US. The hotel chain seemed to have learned its lesson when an August 2022 Lockbit ransomware attack only impacted the Holiday Inn Istanbul Kadıköy.
Sounds like they were on the right track, right? Well, it happened again…
Less than a month later, another cyberattack completely disrupted hotel bookings and compromised more than a dozen employees and more than 4,000 users.
Lawyers will be sure to point at the repeated breaches as a sign of lax cybersecurity.
Dodging Expensive Consequences
We get it; everyone wants to save costs.
However, the cost of guarding against possible attacks remains much lower than the cost of recovering from a successful breach.
Although the specific costs for any breach may vary wildly, the larger the company, the more expensive the impact.
Recent reports suggest that while 98% of organizations estimate an hour of downtime can cost more than $100,000, the average is estimated to be even higher at $250,000 per hour. And that’s only the cost for downtime.
In March 2018, a SamSam ransomware attack crippled the city of Atlanta, with the perpetrators demanding a mere $51,000 ransom.
However, the high-profile attack caused the closure of the Hartsfield-Jackson Atlanta International Airport, and took down at least one-third of the 424 software programs used by the City of Atlanta.
The city refused to pay the ransom, putting the recovery price tag “somewhere in the range of $21 million.”
A ransomware attack of that magnitude should serve as a wake-up call for every organization.
And, think about this: costs have only increased over the five years since that event.
Companies, non-profits, and government agencies can avoid expensive breaches by taking action to tighten security.
If you need help, but don’t know where to start, Blue Bastion, with the support of its partner division, Ideal Integrations, is here to assist you.
Simply contact us at 412-349-6680, or fill out the form below, and our cybersecurity experts can outline options for tools and services to reduce the chances and impact of a cyberattack on your business.