From The CTO’s Office
First of all, I hope you have all had a fantastic summer.
In front of you is the latest edition of our Quarterly Threats and Vulnerabilities Report. As always, we use this report both to cover some of the specific security trends of the previous quarter and to focus on the bigger-picture topics that are relevant in the cybersecurity space.
There were some very interesting vulnerabilities discovered in the last quarter. One group that stands out to me is the Windows Print Spooler vulnerabilities, which we cover on page 4 and page 14 of the report. Again, it is the software supply chain (i.e. your Windows clients and server software) that is impacted, and I don’t think it is a coincidence that we saw exploits of this happening as we are all slowly moving back into the office.
Microsoft also needed to apply some more patches to their Exchange on-prem systems, which highlights the importance of rigorously patching and protecting systems, specifically internet-facing ones. Read much more about this on page 15.
I also want to highlight that DDoS attacks have again been a dominating issue for clients. Unfortunately, attackers are not slowing down: during the last quarter we observed a couple of notable campaigns leveraging DNS water torture techniques to impact clients. While the attacks are not sophisticated, without the proper mitigation in place any organization would have had a challenge protecting itself against them.
I am really proud of what we are doing in the DDoS protection area, and the vast majority of attacks happen without clients even being impacted.
I would also like to cover some old news, as sometimes we forget the important things that may be difficult to do. I think all of us agree that most web traffic today is SSL encrypted. In fact, more than 90% of HTTP browsing today is HTTPS or API-based communication. Yet many organizations are still not inspecting HTTPS and API communication. This fact is utilized by attackers to both host phishing and malware content. We cover this in more detail on page 9. I strongly urge all organizations to start inspecting SSL and API communication. Often your existing security devices already have the capability, but you have just not gone through the exercise of turning it on yet.
If you are in doubt about how to do this, reach out to us and we can assist you in creating visibility, either through your existing platforms or through some of the great solutions we have in this space.
Finally, do spend some time on the tips and tricks from our Security Consulting. In a world of flashy firewalls, new software releases and fancy new vulnerabilities, we often forget that cybersecurity is just a subset of the realm of information security.