By Ashley Leonard, Founder and CEO at Syxsense
Phishing, ransomware, malware: these are some of the most ubiquitous methods threat actors use to gain entry to your environment, but there are a variety of other, lesser-known attacks that organizations should be tracking. As we all know, once a hacker gets a foot in the door on a single device, it can open other points of entry. In fact, a recent study found that a third of organizations are hit with a ransomware attack at least weekly, with 9% of companies experiencing ransomware attacks more than once a day. Not only that, in the last 18 months a whopping 53% of organizations have been the victim of a successful ransomware attack. Many of these infamous threats are likely already on your radar, but what about some of the lesser-known vulnerabilities (that just won't go away)? In this article, I'd like to share some of those and explain why you should care.
Before we get into the list of lesser-known vulnerabilities, here are some quick tips all security pros should keep in mind. (1) It's important to understand the motivations behind threat actors. For example, cyber terrorists often aim to cause harm and destruction to further their cause, while government-sponsored actors are typically looking to further the interests of the State, and script kiddies tend to just hunt for cash. Understanding motivations can help you prioritize threats. (2) Check whether a CVE (Common Vulnerabilities and Exposures) identifier exists. The CVE list catalogs all publicly disclosed security flaws and exposures. IT teams should pay close attention to CVEs, as they make sharing information easier and accelerate remediation. And (3), check the CVSS (Common Vulnerability Scoring System) score. This is a numerical score on a scale of zero to ten that rates a vulnerability's severity, and it lets you compare flaws and prioritize which one to address first.
Now to some of the lesser-known threats that might be slipping past your radar. These are in no particular order. When compiling the list, I looked at three requirements: they must have a CVSS score of eight or higher, have made a severe industry impact, or still target people today (except the last one).
1. SMBv1 (CVSS: 8.1, CVE-2017-0143)
In 2017, Maersk, the world's largest shipping company at the time, was hit by a major malware attack. The attack took 11 days to resolve and cost the company an estimated $264M. This same attack is still in circulation today and could be targeting your organization. To remediate the flaw, remove old operating systems and update legacy products (if that is not possible, isolating those systems in a sandbox can help prevent lateral movement). If necessary, create security risk assessments and asset plans for the business-critical IT assets that can't be replaced or upgraded. Refer to the CVE for more guidance.
2. PrintNightmare (CVSS: 8.8, CVE-2021-34527)
PrintNightmare was a horrible flaw affecting almost every Windows device, with a patch that heavily impacted other systems (in a bad way). It was one of the worst printer fiascos in history: the first patch, KB500562, caused some enterprise users to be asked to reinstall their print drivers or install new drivers altogether, which they couldn't do without admin privileges. In the span of two months, the vulnerability was patched three times, and none of the patches worked. To solve the issue, use an automated tool that manages the print patching process and sends an alert when issues arise. For organizations using outdated systems or with poor patching policies, this could still be a lingering network issue.
3. Log4J (CVSS: 10, CVE-2021-44228)
With a CVSS score of 10, it's hard to forget last year's infamous Log4J. It was the most severe vulnerability ever discovered within Java, affecting widely used Java-based applications such as Apache. Currently, 46% of corporate networks have incurred a Log4J-related attack; however, a whopping 30% of organizations still have unresolved Log4J issues. Unfortunately, if vulnerable Log4J is in your environment, you've probably already been hacked. To remediate it, update your Log4J software package to the most current version. The Apache Foundation has also published instructions for remediating the vulnerability online.
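Because the remediation is "find every copy of log4j-core and update it", the hard part in practice is finding the copies buried in application folders. The following added example (mine, not the article's or the Apache project's code) walks a directory tree, opens each `.jar` as a zip archive, reads the version that log4j-core records in its Maven `pom.properties`, and checks whether the `JndiLookup` class is still present. The minimum acceptable version is an assumption (2.17.1, the release that closed the December 2021 series of log4j-core CVEs); set it from the current Apache advisory. The jars the demo scans are constructed fixtures containing only the two entries the scanner reads.

```python
"""Find log4j-core jars under a directory and flag versions that need updating (added example)."""
import os
import tempfile
import zipfile

POM_PATH = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumed threshold; adjust to the current Apache advisory.
MIN_OK = (2, 17, 1)


def parse_version(pom_text: str):
    """Pull 'version=2.14.1' out of pom.properties as a comparable tuple, e.g. (2, 14, 1)."""
    for line in pom_text.splitlines():
        if line.startswith("version="):
            raw = line.split("=", 1)[1].strip()
            numeric = raw.split("-")[0]            # drop suffixes such as '-beta9'
            return tuple(int(p) for p in numeric.split(".")[:3])
    return None


def inspect_jar(path: str):
    """Return (version_tuple_or_None, jndi_lookup_present) or None if the jar is not log4j-core."""
    with zipfile.ZipFile(path) as jar:
        names = set(jar.namelist())
        if POM_PATH not in names:
            return None
        version = parse_version(jar.read(POM_PATH).decode("utf-8", "replace"))
        return version, JNDI_CLASS in names


def scan_tree(root: str, min_ok=MIN_OK) -> list:
    """Walk root and report every log4j-core jar with its version and update status."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            try:
                info = inspect_jar(path)
            except zipfile.BadZipFile:
                continue                             # not a real jar archive
            if info is None:
                continue
            version, has_jndi = info
            findings.append({
                "path": path,
                "version": version,
                "jndi_lookup_present": has_jndi,
                # An unreadable version is treated as needing attention, not as safe.
                "needs_update": version is None or version < min_ok,
            })
    return findings


def make_sample_jar(path: str, version: str, include_jndi: bool = True) -> None:
    """Constructed fixture: a minimal jar with only the entries the scanner reads."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr(POM_PATH, f"groupId=org.apache.logging.log4j\n"
                               f"artifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            jar.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes, not a real class


def demo() -> list:
    """Build a throwaway tree with constructed jars and scan it."""
    root = tempfile.mkdtemp()
    make_sample_jar(os.path.join(root, "log4j-core-2.14.1.jar"), "2.14.1")
    make_sample_jar(os.path.join(root, "log4j-core-2.17.1.jar"), "2.17.1")
    with zipfile.ZipFile(os.path.join(root, "other-lib.jar"), "w") as jar:
        jar.writestr("com/example/Foo.class", b"")   # unrelated jar, must be ignored
    return sorted(scan_tree(root), key=lambda r: r["path"])


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Pointing `scan_tree` at an application server's installation directory gives an inventory to patch from; uber-jars and WAR files that embed log4j-core as a nested archive would need the same check applied recursively, which this example does not do.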
4. vSphere Client RCE (CVSS: 9.8, CVE-2021-21972)
This vSphere Client flaw provided unrestricted access to all assets within a VMware hypervisor cluster. Every single VMware environment was affected, and it took threat actors only one day to begin incorporating the exploit. Once the flaw has been exploited in your system, it's game over. But keeping it out of your environment is simple: make sure your VMware environment has the latest patches, and that's it. If you're running VMware vSphere without updates, update your cluster and make sure it's not web accessible.
5. BlueKeep (CVSS: 9.8, CVE-2019-0708)
This attack is a wormable exploit of a service we all rely on: Microsoft Remote Desktop Protocol (RDP). The exploit has become the stuff of nightmares for sysadmins. As of June 2020, there were 600K freely exploitable endpoints, and 50% of devices are still accessible and unpatched. Remediation is easy and needs only a single patch; you can install it anywhere, regardless of your licensing with Microsoft. It's free, doesn't change functionality, and you can deploy it all the way back to Windows XP. At the very least, change the default ports that you're using for RDP.
6. Account Management (CVSS: None, CVE: None)
This is less an attack and more a best practice. Not every flaw has a CVE assigned to the known exploit. For example, the Colonial Pipeline attack impacted traditional port information systems and operational technology (OT) systems. This created more attack vectors, and as we know, all it takes is one compromised endpoint to open the floodgates. If other vulnerabilities exist in your environment, threat actors often pivot from one endpoint to the next, working their way through your environment until they own it. That's why it is so critical to implement patch management, account audits, and vulnerability scanning policies.
On average it takes a threat actor seven days to exploit a vulnerability, and it takes the average systems administrator 36 days to patch that vulnerability. This makes having a review process and prioritizing threat management critical for organizational security. Many organizations invest in Unified Security and Endpoint Management (USEM) solutions that deliver real-time vulnerability monitoring and up-to-the-minute remediation for all endpoints across an organization's entire network. With these products you can better predict, identify, and remediate vulnerabilities.
## ABOUT THE AUTHOR
Ashley Leonard is the president and CEO of Syxsense, a global leader in Unified Security and Endpoint Management (USEM). Ashley is a technology entrepreneur with over 25 years of experience in enterprise software, sales, marketing, and operations, providing critical leadership during the high-growth stages of well-known technology organizations.
Ashley manages U.S., European, and Australian operations in his current role, defines corporate strategies, oversees sales and marketing, and guides product development. Ashley has worked tirelessly to build a robust, innovation-driven culture within the Syxsense team while delivering returns to investors.
He has founded several successful technology companies with global operations, serves on several boards, and mentors up-and-coming technology CEOs. Accolades include being named a finalist for Ernst & Young's "Entrepreneur of The Year" and AeA's "Outstanding Private Company CEO" Award, and winning the AGC Innovation CEO Award.