Common, Easy-to-Fix Cybersecurity Vulnerabilities

Cybersecurity - Issues to fix

These common issues are easy to remediate, helping to prevent cyber attacks.

When Redbot Security performs manual penetration testing for network security, we begin with a discovery phase. Part of this phase is a full port scan of the external IP addresses to confirm that only a limited set of ports and services is exposed to the Internet. During exploitation we use custom proprietary scripts against vulnerabilities that are more complex. Pivoting to internal network security testing, we typically test from an assumed-breach position, sitting on the internal network via VPN access to simulate a workstation compromise.

Common Vulnerabilities

Let’s explore some of the more common exploitable vulnerabilities that Redbot Security often finds during our network testing phase. The good news: These common issues are easy to remediate to prevent cyber attacks.

Weak Passwords

During testing it is not uncommon for us to find critical-rated vulnerabilities caused by weak passwords. Even when a company has a strong domain password policy in place (requiring a minimum length of 12-14 characters), a handful of accounts on the network often still use older passwords. Many of these passwords do not meet the current domain password policy: they are easily crackable 8-character passwords, and the accounts are often configured so the password never expires. Not surprisingly, we frequently find that these non-updated accounts are domain administrator accounts with easily guessable passwords, which Redbot Security is able to crack within a few days of testing.

Even when your password policy has an excellent minimum length requirement, the policy's "minimum password age" setting is just as important. When the minimum password age is set to none, a domain user can cycle through 5 passwords in the same day to get back to their original password. Set this value to "1" or greater so that a domain user has to wait at least 1 day before changing their password again, which deters password cycling.
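The checks described in this section, as an added example that is not Redbot Security's tooling: it reads the default domain password policy with the ActiveDirectory module and lists Domain Admins whose passwords never expire or were last set before the current policy took effect. The 14-character and 1-day thresholds come from this article; the policy effective date is an assumed value you would replace with your own.

```powershell
# Added example (not Redbot Security's tooling): audit the domain password
# policy settings discussed above and list Domain Admins whose passwords
# never expire or predate the current policy. Requires the ActiveDirectory
# module (RSAT) and a domain-joined session with read access.
Import-Module ActiveDirectory

# Assumption: the date the 14-character policy took effect. Passwords set
# before this date were never checked against it.
$PolicyEffectiveDate = Get-Date '2023-01-01'

$policy   = Get-ADDefaultDomainPasswordPolicy
$findings = New-Object System.Collections.Generic.List[string]

# Thresholds (14 characters, 1 day) follow the recommendations in the article.
if ($policy.MinPasswordLength -lt 14) {
    $findings.Add("Policy: MinPasswordLength is $($policy.MinPasswordLength), recommended 14")
}
# A zero minimum age lets a user cycle through the history back to the old
# password within the same day, which defeats the history check.
if ($policy.MinPasswordAge.TotalDays -lt 1) {
    $findings.Add("Policy: MinPasswordAge is $($policy.MinPasswordAge.TotalDays) days, set to 1 or more")
}
$findings.Add("Info: PasswordHistoryCount is $($policy.PasswordHistoryCount)")

# Resolve Domain Admins, including nested group memberships, to user objects.
$admins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties PasswordLastSet, PasswordNeverExpires, Enabled

foreach ($u in $admins) {
    if (-not $u.Enabled) { continue }   # disabled accounts are out of scope here
    if ($u.PasswordNeverExpires) {
        $findings.Add("$($u.SamAccountName): password never expires")
    }
    if (-not $u.PasswordLastSet) {
        $findings.Add("$($u.SamAccountName): password never set or must change at next logon")
    } elseif ($u.PasswordLastSet -lt $PolicyEffectiveDate) {
        $findings.Add("$($u.SamAccountName): password last set $($u.PasswordLastSet.ToShortDateString()), predates current policy")
    }
}

if ($findings.Count -eq 0) { 'No password policy findings.' } else { $findings }
```

Extend the group list to other privileged groups (for example Enterprise Admins or local-admin groups pushed by GPO) to cover the service and admin accounts this article says are usually the ones still carrying old passwords.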

Outdated systems

Most companies know that critical vulnerabilities can be resolved simply by applying critical security patches. However, more often than not, many systems across multiple client sectors are found running obsolete operating systems and missing patches such as the MS17-010 critical security update. This inevitably allows Redbot Security to exploit these vulnerabilities, gain local administrator access, and obtain cleartext passwords for domain administrator accounts that are stored in the system's memory.

Operating systems such as Windows XP, Windows 7, and Windows Server 2008 no longer receive critical security updates from Microsoft. Because no patches are issued for them, malware built on current exploits can run against these systems with no security update available to stop it.

SMB signing

Another common exploitable vulnerability Redbot Security finds is systems with SMB signing set to "disabled". SMB signing is a security feature in Windows that helps prevent Man-in-the-Middle (MitM) attacks over the SMB protocol. When it is set to "disabled" instead of "required", malicious actors can easily perform SMB relay attacks to gain local administrator access to the affected systems.
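A way to check and enforce the "required" setting on a Windows host, as an added example rather than Redbot Security's own code: it reports the server-side and client-side SMB signing state with the built-in SmbShare cmdlets, can switch both to required, and reads back the registry values that the equivalent GPO writes. It assumes Windows 8 / Server 2012 or later and an elevated session for the remediation step.

```powershell
# Added example (not Redbot Security's tooling): report whether SMB signing
# is required on this Windows host, on both the server side (inbound shares)
# and the client side (outbound connections), and enforce it when asked.
# Requires the built-in SmbShare module (Windows 8 / Server 2012 or later)
# and an elevated session to apply the change.

function Get-SmbSigningStatus {
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration
    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        ServerSigningEnabled  = $server.EnableSecuritySignature
        ServerSigningRequired = $server.RequireSecuritySignature  # "required" is what blocks relay
        ClientSigningEnabled  = $client.EnableSecuritySignature
        ClientSigningRequired = $client.RequireSecuritySignature
    }
}

function Set-SmbSigningRequired {
    # Same effect as the GPO security options
    #   "Microsoft network server: Digitally sign communications (always)" = Enabled
    #   "Microsoft network client: Digitally sign communications (always)" = Enabled
    Set-SmbServerConfiguration -RequireSecuritySignature $true -EnableSecuritySignature $true -Force
    Set-SmbClientConfiguration -RequireSecuritySignature $true -EnableSecuritySignature $true -Force
}

function Test-SmbSigningRegistry {
    # Read back the registry values that both the cmdlets and the GPO write,
    # so the result can be compared with what domain policy is supposed to set.
    $paths = @{
        Server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Client = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
    }
    foreach ($side in $paths.Keys) {
        $value = (Get-ItemProperty -Path $paths[$side] -Name RequireSecuritySignature -ErrorAction SilentlyContinue).RequireSecuritySignature
        [pscustomobject]@{ Side = $side; RequireSecuritySignature = $value }
    }
}

$status = Get-SmbSigningStatus
$status
if (-not ($status.ServerSigningRequired -and $status.ClientSigningRequired)) {
    Write-Warning "SMB signing is not required on $($status.ComputerName); SMB relay is possible against it."
    # Uncomment to remediate this host (elevated session required):
    # Set-SmbSigningRequired
}
Test-SmbSigningRegistry
```

Run Get-SmbSigningStatus across the estate with Invoke-Command to find the hosts still reporting ServerSigningRequired = False, then fix them centrally through the two GPO settings named in the comments rather than host by host.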

Printers

Yes, believe it or not, printers can be the starting point for a complete network takeover. Due to a basic oversight, many companies leave default passwords in use on office printers. Hackers can obtain the basic domain credentials the printer uses by scanning for the domain user account configured on it. With this basic domain account, it is fairly easy for hackers to enumerate Active Directory usernames, groups, group memberships, and the password policies.

FTP and telnet services

These services transmit data, including credentials, in cleartext and should not be used on the network, as a malicious insider could sniff the traffic to obtain the data. Furthermore, when anonymous FTP is enabled, anyone can log in to the FTP instance using the "anonymous" account with any password.

And the last tip of the day: don't use default community names for SNMP services. With default community names, any user on the network can download information about the system(s), including user lists, network configuration, and installed software, leaving you exposed to potential vulnerabilities that can be chained together for an effective attack.
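A host-side audit for the cleartext services in this section and the preceding one, added here as an example and not part of the original article: it checks whether the Windows Telnet server, Microsoft FTP service and SNMP service are running, whether anything else is listening on TCP 21 or 23, and whether the SNMP service still accepts the well-known default community names. The service names and the ValidCommunities registry layout are the Windows built-in ones; the rights-value labels are from the Windows SNMP service's documented permission values.

```powershell
# Added example (not Redbot Security's tooling): audit a Windows host for the
# cleartext services named above. Checks the built-in Telnet server (TlntSvr),
# Microsoft FTP service (ftpsvc) and SNMP service, any other listener on
# TCP 21/23, and SNMP community names that still use well-known defaults.
# The community list and rights values follow the Windows SNMP service's
# ValidCommunities registry layout.

$DefaultCommunities = @('public', 'private')   # the well-known defaults the article warns about
$CommunityRights = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ CREATE'; 16 = 'READ WRITE' }

function Get-CleartextServiceFindings {
    $findings = New-Object System.Collections.Generic.List[string]

    $services = @{
        'TlntSvr' = 'Telnet server is running; credentials cross the network in cleartext'
        'ftpsvc'  = 'Microsoft FTP service is running; verify anonymous authentication is disabled'
        'SNMP'    = 'SNMP service is running; review community names below'
    }
    foreach ($name in $services.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -eq 'Running') { $findings.Add("$($name): $($services[$name])") }
    }

    # Third-party FTP/telnet daemons use other service names, so also look at the ports.
    Get-NetTCPConnection -State Listen -LocalPort 21, 23 -ErrorAction SilentlyContinue |
        ForEach-Object { $findings.Add("TCP $($_.LocalPort) is listening (PID $($_.OwningProcess))") }

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities'
    if (Test-Path $key) {
        $item = Get-Item $key
        foreach ($community in $item.GetValueNames()) {
            $rights = $item.GetValue($community)
            $label  = if ($CommunityRights.ContainsKey([int]$rights)) { $CommunityRights[[int]$rights] } else { $rights }
            if ($DefaultCommunities -contains $community.ToLower()) {
                $findings.Add("SNMP community '$community' is a default name with $label rights; rename it and restrict access")
            }
        }
    }
    if ($findings.Count -eq 0) { $findings.Add('No cleartext service findings on this host.') }
    return $findings
}

Get-CleartextServiceFindings
```

SNMP listens on UDP 161, so a default community name found here is reachable by every host that can send a datagram to this one; pair the rename with the service's "Accept SNMP packets from these hosts" restriction.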

Maintaining Positive Controls to prevent a cyber attack

When reviewing your current security, the positive controls you have in place can make it more difficult for a bad actor to get in and gain control. Here are a few controls that should be in place.

  • Create a domain password policy that requires a minimum length of 14 characters.
  • Have threat detection controls in place to view network traffic and to be alerted to specific activities.
  • Make sure domain controllers have a GPO in place to prevent storing of LM hashes.
  • Update routers and switches.
  • Do not use default passwords, even on printers.
  • Do not allow your Internet-facing firewalls to have excessive ports open inbound from the Internet or outbound to the Internet.

Summary

Redbot Security provides Network, Application, Mobile, and critical infrastructure security testing without disruption. Our world-class cybersecurity team has a proven track record and can help to secure your networks during these times of increased threats.

How can Penetration Testing help?

Penetration testing, or pen testing, is a method of testing an organization's data defenses in a controlled ethical hacking engagement. The scope of the penetration test is defined, and a penetration testing company then attempts to hack into the company's network to expose and exploit the organization's network weaknesses.

The process typically identifies a target system and particular goals. The testing team performs discovery of that system or systems and then attempts to achieve the penetration testing goals. A penetration test project might be a white-box penetration test (which provides credentials and network information, typically used for insider threat assessments), a black-box pen test (which provides no information other than the targeted system, e.g. a web app IP address), or a gray-box penetration test, a combination of black-box and white-box testing where some information is shared with the penetration testing team. A penetration test is a proactive assessment that helps determine whether a system is vulnerable to attack by bad actors (hackers, criminals, terrorists, etc.).

A penetration test identifies the potential impact of vulnerabilities on the organization and recommends proper remediation to fix them and ultimately reduce risk. A true manual penetration test reports only verified vulnerabilities, potentially chained together into exploits, with a proof of concept for each.
