A week back, on 20 October 2020, the US National Security Agency (NSA) identified & warned about the top 25 vulnerabilities in systems that are being most exploited by Chinese hackers. Chinese attackers have been using these vulnerabilities over time to carry out targeted attacks. The NSA has been advising organizations to secure their vulnerable devices & take measures to protect their data from the prying eyes of the attackers. The NSA Cybersecurity Director has advised cybersecurity professionals to use the list of highlighted vulnerabilities to prioritize their efforts to secure their systems.
What could the attackers gain from these vulnerabilities?
Each vulnerability served a different purpose for the attackers, so the vulnerabilities can be classified by purpose into the following categories:
- 7 different vulnerabilities were used by Chinese threat actors to acquire access to secure networks. Some of these even gave them access to credentials they could use to spread further on the same networks.
- 2 vulnerabilities allowed the attackers to exploit Active Directory to gain credential access & move laterally.
- 1 vulnerability made it easy for attackers to push malicious apps & even change device configurations to ultimately send traffic through controlled proxy servers.
- 3 vulnerabilities made it easier for the attackers to bypass authentication (in web servers, email servers or DNS).
- 7 more vulnerabilities made it possible for attackers to gain access to internal servers by spreading laterally throughout a network.
- 2 vulnerabilities may have given attackers access to workstations, enabling them to gain administrative privileges & credentials.
- Lastly, 3 vulnerabilities may have given attackers the ability to monitor & modify network traffic over the device.
From the detailed descriptions of the announced vulnerabilities & their impact, it seems safe to assume that the NSA had been keeping tabs on them for a long time. Announcing these vulnerabilities has given organizations a chance to protect their data from such attackers. Ever since the beginning of the COVID era, cyber crimes have been on the rise globally & this is just another example of the same.
What should you do now?
The NSA has advised organizations to adopt stringent measures to secure their data. They need to prioritise their cybersecurity efforts & start working to keep their data safe from attackers. The NSA has advised organizations to patch the announced vulnerabilities at the earliest. A few suggested measures include:
- Applying patches as soon as they are released, to keep systems updated & patched.
- Making necessary password changes to ensure greater security of data.
- Setting up an out-of-band management network & avoiding the use of external management capabilities.
- Blocking unused & obsolete protocols on the network & disabling them in device configurations.
- Isolating internet-facing services by using a Demilitarized Zone (DMZ) in order to reduce the internal network exposure.
- Enabling robust logging of internet-facing services. These logs can be monitored for any signs of compromise.
Besides patching, it is also important for organizations to take steps to mitigate such attacks in the future. Only by taking complete & absolute care will they be able to secure their data.