There has been quite a lot of news coverage about Elon Musk’s SpaceX supplier Maximum Industries, hacked by the LockBit ransomware group. LockBit even contacted Elon Musk directly in an attempt to start ransom negotiations.
I recently stumbled upon an article by Eduard Kovacs (@EduardKovacs) of SecurityWeek that describes some of the techniques used by the threat actor. While we still don’t know exactly what enabled this attack, the article notes that LockBit cybercriminals gain access to victim systems by exploiting unpatched vulnerabilities, relying on insiders, or buying access from specialized groups. Once inside, they collect valuable data and then deploy file-encrypting malware.
Yes, unpatched vulnerabilities, again and again. It is, by any measure, one of the most efficient attack methods: it requires no sophisticated exploit development skills or specialized knowledge, only testing the target environment against already published exploits or proofs of concept. In many cases it is almost guaranteed that one or more systems remain unpatched, sometimes for years. According to Statista.com, 22,514 new vulnerabilities were reported in 2022, up from 21,171 in 2021.
Here are the three critical aspects of risk-based vulnerability management that every organization needs to follow to avoid the fate of SpaceX and thousands of other ransomware victims:
- Assess: This is the first step in the vulnerability management process. Assessing involves identifying, evaluating and analyzing the security vulnerabilities that exist within an organization’s systems, applications, network or infrastructure. This can be done using vulnerability scanning tools, penetration testing or manual analysis. Action1 can help you identify many software vulnerabilities in real time.
- Prioritize: Once the vulnerabilities have been identified and assessed, the next step is to prioritize them based on their severity and potential impact on the organization’s operations. This is done by assigning a risk rating to each vulnerability and determining which ones pose the greatest risk and require immediate attention. It is almost impossible to patch everything, and prioritizing purely by CVSS score is not enough. You have to prioritize patching and remediation based on IT asset value, network exposure, and other organization-specific parameters. Even a vulnerability with a CVSS score of 5.0 can become the first step in a successful high-profile breach if, for example, the unpatched server is exposed to the public.
- Patch: The final step in the vulnerability management process is to patch or remediate the vulnerabilities that have been identified and prioritized. This involves applying software patches (patch management), configuration changes or other mitigation techniques to fix the vulnerabilities and reduce the risk of exploitation. Action1 lets you automate patching and other remediation steps based on priorities and other key metrics.
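As an added example that is not part of the original post and not Action1's own scoring model, the following Python sketch applies the three factors named above (asset value, network exposure and exploit availability) to a constructed set of findings and shows how the resulting order differs from a pure CVSS ranking. The weighting factors, tier thresholds and finding identifiers are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One vulnerability on one asset (constructed sample data, not real CVEs)."""
    ident: str            # placeholder identifier, not a real CVE number
    cvss: float           # CVSS base score, 0.0 to 10.0
    asset_value: int      # 1 (disposable) .. 5 (business-critical), assumed org scale
    internet_exposed: bool
    public_exploit: bool  # a published exploit or proof of concept exists


# Assumed weighting factors; an organization would tune these to its own risk appetite.
ASSET_FACTOR = {1: 0.5, 2: 0.75, 3: 1.0, 4: 1.25, 5: 1.5}
EXPOSURE_FACTOR = 2.0   # reachable from the public internet
EXPLOIT_FACTOR = 1.5    # no exploit development needed, as the post points out


def risk_score(f: Finding) -> float:
    """CVSS adjusted by asset value, network exposure and exploit availability."""
    score = f.cvss * ASSET_FACTOR[f.asset_value]
    if f.internet_exposed:
        score *= EXPOSURE_FACTOR
    if f.public_exploit:
        score *= EXPLOIT_FACTOR
    return round(score, 3)


def tier(score: float) -> str:
    """Map a risk score to a remediation tier (example thresholds, not a standard)."""
    if score >= 15.0:
        return "P1"
    if score >= 8.0:
        return "P2"
    if score >= 4.0:
        return "P3"
    return "P4"


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Return findings ordered by risk score, highest first."""
    return sorted(findings, key=risk_score, reverse=True)


# Constructed sample inventory.
SAMPLE = [
    Finding("VULN-A", 9.8, 2, False, False),  # critical CVSS, low-value internal test box
    Finding("VULN-B", 5.0, 4, True, True),    # medium CVSS, public web server, PoC available
    Finding("VULN-C", 7.5, 5, False, True),   # high CVSS, internal crown-jewel database
    Finding("VULN-D", 4.3, 1, False, False),  # low severity, low-value, internal
]

if __name__ == "__main__":
    by_cvss = [f.ident for f in sorted(SAMPLE, key=lambda f: f.cvss, reverse=True)]
    print("By CVSS alone:", by_cvss)
    for f in prioritize(SAMPLE):
        s = risk_score(f)
        print(f"{f.ident}: cvss={f.cvss:<4} risk={s:<7} {tier(s)}")
```

Run as a script, it shows VULN-B (CVSS 5.0 on an exposed server with a public PoC) moving from third by CVSS to first by risk, while the CVSS 9.8 on an internal test box drops to third.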