
Stop procrastinating and patch those vulnerabilities now!

Security vulnerabilities are one of the main causes of cybersecurity incidents. Yet many organizations are slow to apply patches to their systems, despite knowing this.

For example, Apple recently asked users of its devices to install a security update because of vulnerabilities that could give cyber criminals access to their devices. Despite this, many have yet to install the security patch. In fact, some users assume that Apple will automatically update their phones with security patches.

The same can be said about enterprises as well. With technology constantly updating, most products and services used by businesses need to be upgraded as well. While some SaaS products update automatically, the reality is that IT teams need to constantly check their systems for any security update requests.

A recent example was when the Cybersecurity and Infrastructure Security Agency (CISA) warned of several vulnerabilities identified and patched by VMware affecting a variety of the company’s products. VMware released security updates to address multiple vulnerabilities in their products.

But this is where the problem starts as well. Many enterprises are often so focused on upgrading their products and services that they tend to ignore or forget important security patches and updates.

Unpatched vulnerabilities leave the door open for threat actors

A recent report by Palo Alto Networks’ Unit 42 showed that every four hours, a new ransomware victim is posted on leak sites. The ransom demands have also been as high as US$30 million, and actual payouts have been as high as US$8 million.

Unpatched software often ends up becoming an access vector for threat actors. Once inside a system, cybercriminals can spread ransomware and wreak havoc on an organization.

According to Unit 42, the exploitation of known software vulnerabilities makes up 31% of the initial access vectors used by threat actors. Combined with phishing and brute-force credential attacks focused on remote desktop protocols, these attack vectors make up 77% of the suspected root causes for intrusions.

The report also stated that the most commonly exploited software vulnerabilities included ProxyShell, which accounted for more than half of the exploitation for initial access at 55%, followed by Log4j (14%), SonicWall (7%), ProxyLogon (5%), and Zoho ManageEngine ADSelfService Plus (4%).

Looking at incident responses, poor patch management procedures contributed to 28% of threat actor success. At the same time, 44% of the cases involved organizations that did not have an endpoint detection and response (EDR) or extended detection and response (XDR) security solution, or it was not fully deployed on the initially impacted systems to detect and respond to malicious activities.

According to Wendi Whitmore, SVP and head of Unit 42 at Palo Alto Networks, “cybercrime is an easy business to get into because of its low cost and often high returns. As such, unskilled, novice threat actors can get started with access to tools like hacking-as-a-service becoming more popular and available on the dark web.”

Whitmore added that ransomware attackers are also becoming more organized with their customer service and satisfaction surveys as they engage with cybercriminals and victimized organizations.

While phishing attacks are still the core cause of ransomware and may not be easily solved as victims continue to fall for them, unpatched software vulnerabilities can be controlled. IT security teams need to continue to monitor the solutions used and constantly check for any vulnerabilities.

Apart from applying patches, they should also keep a lookout for any vulnerabilities in their system, especially with updates constantly coming in. Simply put, IT security teams need to patch internet-exposed systems as quickly as possible to prevent any vulnerability exploitation.