Last week the big news story was about ransomware crippling the UHS medical system.
The suspected ransomware was Ryuk, which is known for spreading both through IoT devices (including routers) and through phishing. Both attack vectors have seen increased use by hackers due to the pandemic and the work-from-home environment we now live in. Further, hospitals in general have suffered a loss of profit due to fewer elective surgeries, which has led to staffing reductions, including in security.
Ryuk has been known to spread using vulnerabilities that target both the user (i.e. Internet Explorer) and infrastructure (such as routers). What is interesting is that all the vulnerabilities used by the ransomware are fairly old, yet have experienced a resurgence of hacker interest due to the pandemic. Today's video blog looks at several of these vulnerabilities and their associated threat activity over the past few months.
Vulnerabilities such as these are the exception rather than the rule, and they are all knowable. Focusing efforts on the vulnerabilities facing the most threat activity not only reduces the likelihood of a breach but also yields efficiencies in security operations. Check out our new e-book: Do More with Less to learn how to increase efficiencies while reducing risk in the COVID-19 environment.