
Vulnerability Management

02 May

What is a cybersecurity attack? Explained lightning fast

A cybersecurity attack is when a threat actor discovers a vulnerability in a system or network and exploits it to gain unauthorized access. Vulnerabilities can include software bugs, configuration errors, or weak passwords that can be exploited by an attacker.

How are vulnerabilities, risks, and threats different?

  • A vulnerability, as defined by ISO27002, is “a weakness of an asset or group of assets that can be exploited by one or more threats.”
  • A threat is something that can exploit a vulnerability, usually a person.
  • A risk is the probability of loss or damage resulting from a cybersecurity attack.

Vulnerabilities come in two forms, public and private. Of the two, public vulnerabilities are especially dangerous.

Why are publicly disclosed vulnerabilities so important?

Unlike private vulnerabilities, which take a threat actor time and effort to find, a public vulnerability is just that, public. Everyone and their dog know about it! And so, threat actors actively search for people whose unpatched systems carry recently disclosed vulnerabilities. After all, to them, these systems are like money on the table, just waiting there to be snatched up.

A good example of a public vulnerability being exploited is the 2017 “NotPetya” cybersecurity attack, where attackers exploited a Server Message Block (SMB) vulnerability for which Microsoft had recently released a security patch.

Thankfully, finding out what vulnerabilities are public is not at all hard! In fact, there are programs like CVE® to help.

What is the Common Vulnerabilities and Exposures (CVE®) Program?

The MITRE organization runs the Common Vulnerabilities and Exposures (CVE®) Program, which identifies and catalogs publicly disclosed vulnerabilities. This program assigns each vulnerability a unique CVE record number consisting of the year it was disclosed and a unique identifier. This allows cybersecurity professionals to easily identify and discuss specific vulnerabilities.

An example of a CVE Record: CVE-2021-44228

One CVE record that garnered much attention was CVE-2021-44228, also known as Log4Shell (which admittedly rolls off the tongue better). This vulnerability allowed attackers to execute arbitrary code loaded from LDAP servers on the Apache Log4j2 service. Since this service was widely used on many web servers, thousands of websites were vulnerable to attack.

Log4Shell demonstrated how one vulnerability can have a cascading effect on the security of millions of other systems.

What is Vulnerability Management, and how can it help?

Vulnerability management is the continuous process of identifying, evaluating, documenting, managing, and fixing security weaknesses in endpoints, workloads, and systems. In most cases, a security team uses a vulnerability management tool to discover these vulnerabilities, and employs various techniques to repair or mitigate them.

An effective vulnerability management program incorporates threat intelligence and awareness of IT and business operations to prioritize risks and deal with vulnerabilities promptly.

Using the National Vulnerability Database (NVD) for vulnerability management

The National Vulnerability Database (NVD) is a government repository for vulnerability management. It provides a standardized list of vulnerabilities, allowing for automated vulnerability management across U.S. government agencies using the Security Content Automation Protocol (SCAP).

The NVD also leverages the Common Vulnerability Scoring System (CVSS) to score and measure the severity of vulnerabilities. This rating system helps organizations prioritize vulnerability management accordingly. CVSS consists of qualitative metrics that describe properties like:

  • The vectors of attack
  • Whether the vulnerability can be exploited via a network, physical location, or adjacent network
  • The level of user interactions required for exploitation
  • The privileges required
  • The potential scope of the exploitation

The NVD is operated by the National Institute of Standards and Technology (NIST) — just in case you haven’t had enough acronyms yet.

Conclusion: Equip yourself to plug those vulnerabilities

In conclusion, vulnerability management is a critical aspect of cybersecurity, and understanding the anatomy of cyber attacks is essential in protecting against them. With the CVE® Program and NVD, cybersecurity professionals have the tools they need to identify, manage, and remediate vulnerabilities, reducing the risk of a successful attack.