This April, Cognizant fell prey to a nasty ransomware attack whose ripple effect has shaken the world.
Cognizant counts hundreds of Fortune 500 companies among its customers, and this recent attack has them over a barrel, scrambling for cover. The full impact of this attack will be known in the months to come… though the company expects to lose between $50 million and $70 million to cover legal, consulting, security restoration and remediation work.
The fact that this ransomware attack happened right after employees started working remotely is significant!
Remote working has become the new normal in the past months and might just be a new working model for many companies in the future.
A recent white paper (Cyber Risk in working remotely) released by Cyber Security Works paints a disturbing picture of the vulnerabilities that exist in popular tech stacks used today.
Key Findings
The report provides an in-depth analysis of popular tech stacks and their inherent vulnerabilities –
- Trends of weaponization of vulnerabilities in tech stacks over the past decade.
- Prioritization of vulnerabilities by weaponization.
- A list of the top 3 vulnerabilities in each technology.
- A priority list of CVEs that need to be fixed first.
- Spotlight on applications that have the maximum number of vulnerabilities.
Vulnerabilities in Tech Stacks
We examined a total of 4849 vulnerabilities in tech stacks (encompassing VPN, Access Service, Database, Web Proxy, Web Gateway, CRM, Business Intelligence, Backup & Storage, and Online Conference).
Out of these, over 543 CVEs have been weaponized, and 6 CVEs are vulnerable to ransomware!
We found the maximum number of vulnerabilities in Database (1449), Online Conference (877), and Backup & Storage technologies (745).
Out of these, remote code execution (RCE) is possible for 45 vulnerabilities in Backup and Storage technologies and for 25 vulnerabilities in Database.
A total of 473 critical vulnerabilities were found among all the technologies that were examined. Of these, Online Conference solutions have over 220 vulnerabilities, followed by Backup & Storage, which has 108.
The trend in weaponization also gave many insights. For one thing, weaponization rates have been increasing considerably since 2015. In 2017, 47 vulnerabilities became weaponized (out of 803 CVEs in total).
Vulnerabilities undetected by popular scanners
Popular scanners like Nessus, Nexpose, and Qualys have missed around 102, 158, and 131 vulnerabilities, respectively.
Unique vulnerabilities that can be exploited remotely, like the below-given list, were missed by all three scanners.
Here is a count of CVEs that were missed by scanners –
Technology | Nessus | Nexpose | Qualys |
---|---|---|---|
VPN | 6 | 12 | 8 |
RAS | 5 | 8 | 5 |
Database | 23 | 49 | 32 |
Web Proxy | 2 | 5 | 3 |
Web Gateway | 1 | 12 | 3 |
CRM | 5 | 6 | 5 |
BI | 4 | 2 | 5 |
Backup & Data Storage | 44 | 46 | 33 |
Online Conference | 10 | 22 | 8 |
Total | 100 | 162 | 102 |
Threat actors have always exploited the inherent vulnerabilities in software. Weak code is all they need to penetrate a system and steal data. The current circumstances present prime opportunities for them to breach security and spread mayhem. Tech giants like Cognizant have already taken a hit and more will follow in the months to come if these vulnerabilities are not fixed.
The only way forward in the present situation is to understand the threat, and not to mistake a vulnerability's lack of weaponization for safety and grow complacent about it.