First Officer’s log, Terrestrial date, 20220727. Officer of the Deck reporting. Now recovered from the dreaded Covid, it is time to fully return to duty and continue the mission. While the last week was comparatively quiet, there were still several significant reports. It also seems likely that some recent discoveries will warrant more attention as time goes on. For now, we are taking the ship deeper into potentially hostile territory as we continue in our support role. While the front line may get the glory, our position disseminating information, breaking down departmental silos, and coordinating between fleet elements remains as vital as it has ever been. From OT security vulnerabilities, to Microsoft’s re-issuing of a patch – here are the top stories from last week.
56 OT security vulnerabilities. 1 cool name.
What happened
A recently released report from Forescout highlighted a total of 56 different vulnerabilities, in several different categories, from 10 different vendors. They collectively referred to them as OT:Icefall, a cool name for conglomerating multiple separate CVE’s into a single package. Each of those vulnerabilities did receive its own CVE identifier, so affected organizations can deal with them individually.
Why it matters
Operational Technology (OT) is all too frequently overlooked in the security space, and this bundle of vulnerabilities highlights that very fact. While the semantics of “insecure by design” may be questioned, the end result is the same. Whether it was purposely left insecure, or simply ended up that way because the designer didn’t think about security in the first place, the bottom line is there are devices and protocols out there that are trivial to attack. There’s also the question of combining different vulnerabilities in different systems under the same banner, but if it gets the right people in the right roles to pay attention it’s a net win.
What they said
When it comes to OT cyber security, people will always have something to say Read more.
Not quite there yet.
What happened
The Cloud Security Alliance (CSA), along with Google, found that migrating to the Cloud helps improve risk management and mitigation. With caveats. While the move to Cloud applications and infrastructure has become part of the risk management strategy overall, the raw numbers from the survey show that there’s still some way to go before organizations overall reach a fully mature state.
Why it matters
There are a lot of benefits to be found in cloud migration. Along with the cost advantages of cloud vs on-prem, there’s the fact that your cloud provider is fully dedicated to maintaining and securing the platform you’re running on. The same goes for SaaS applications, where the vendor is in charge of maintaining security. But that’s not the whole picture, and not everyone has made the move cleanly and there is still a lot of room for improvement in process, tooling, and methodology.
Fortunately, there are a lot scanners and asset management tools that are effective in the cloud, and risk management tools like Vulcan Cyber that can help manage it.
What they said
Many have stepped forward to clear things up.
Patch, and patch again.
What happened
CyberArk reported on a vulnerability in Microsoft RDP late in 2021, which was patched in early 2022. Further research into the vulnerability after Microsoft released the patch showed that there were other attack vectors a threat actor could leverage that weren’t addressed in the original patch.
Why it matters
Application Developers and Threat Actors, and vulnerability researchers, have different mindsets and approach problems differently. That shows here, where correcting one flaw didn’t address all the ways the flaw could be exploited. The fact is some vulnerabilities can be complex and multifaceted, which means developers need to make sure the fix the deploy really addressed all the potential issues.
Fortunately, there are some mitigating factors that make it a little less of a risk, and MS has released an updated patch.
What they said
Microsoft has been fast to react, and so has the industry. Read what they’ve said.
And then we got to talk
What happened
Vulcan’s own Tony Taylor and I presented a session at Optiv’s Source Zero Con 2022 on Friday, June 24th on the Partner’s track. We focused on eliminating silos in Cyber Risk Management. The conversational session feels more like a fireside chat than a heavy presentation, which was the point. Real people sharing real experiences.
Why it matters
The virtual conference has ended, but Optiv will release the recordings when available. You can see the event here.
Want to get ahead of the stories? Join the conversations as they happen with the Vulcan Cyber community Slack channel