Precautionary Measures for Securing Your Business Operations
Nowadays, there is an intensification of vulnerability exploits perpetrated by cyber attackers. 45% of data breaches are based on cloud computing services[1]. According to a Snyk Report[2], 80% of companies were confronted with at least one cloud computing security incident in the last year, and 27% of organizations[3] have experienced a public cloud computing security attack – a notable increase of 10% from last year. Among the many alarming statistics on cyber weaknesses, summarized hereafter are some noteworthy figures revolving around vulnerability exploits[4]:
- 76% of all applications have at least one vulnerability.
- 50% of all vulnerabilities remain unfixed six months after initial discovery.
- 84% of companies have high-risk vulnerabilities on their network perimeter.
- 20% of organizations do not test their software for vulnerabilities.
- 69% of malware (malicious software) now exploits Zero-Day vulnerabilities.
Amid the troubling reality of the above statistics on vulnerability exploits and manipulations, how can your organization secure its business operations with the precautionary measures it needs? To answer this important question, our July 2024 Newsletter focuses on the pressing issue of vulnerability exploits and how to deal with them.
[1] IBM Security. Fighting Back Against Data Breaches. Cost of a Data Breach Report 2023. https://www.ibm.com/reports/data-breach
[2] SNYK. Cybersecurity Company Specialized in Cloud Computing. The 2022 State of Cloud Security Report. https://go.snyk.io/state-of-cloud-security-2022.html
[3] For the purpose of this newsletter, "organization" includes companies and SMEs.
[4] BITDEFENDER. Cybersecurity Technology Company. Business Insights: 10 Stats on the State of Vulnerabilities and Exploits. https://www.bitdefender.com/blog/businessinsights/10-stats-on-the-state-of-vulnerabilities-and-exploits/
Concise Meanings of Vulnerabilities and Exploits
The two definitions and seven categories of frequent cybersecurity vulnerabilities provided below are summarized and adapted from the monograph acknowledged in footnote [1]. On the one hand, vulnerabilities are in essence weaknesses, defects, mistakes or flaws within a given piece of software, system, network, computer configuration, coding procedure, programming language or Information Technology (IT) process that can be taken advantage of by malicious cyber attackers. Vulnerabilities can be caused by coding errors, IT system misconfigurations, computer architecture design flaws, and programming language mistakes. Once a vulnerability is discovered, it inevitably becomes a potential entry point for malicious activity. To add insult to injury (i.e., to make a bad situation worse), exploits then come into play. On the other hand, exploits are malevolent tools or subterfuges that take advantage of identifiable vulnerabilities. Exploits allow hackers around the world to launch cyber attacks, gain unauthorized access, and execute malicious code. Exploits can be the outcome of misusing and manipulating pieces of software, sequences of commands, or even open-source exploit kits. To illustrate the two meanings, imagine vulnerabilities as fragile locked doors, and exploits as the keys that open those doors. Once the doors are opened, cyber attackers can wreak havoc inside your organization – whether by stealing your confidential data, disrupting your online transactions, compromising your IT systems, or spreading malware across your staff workstations.
Preventative reminder: staying updated and knowledgeable about known vulnerabilities, and swiftly applying patches or mitigations, is crucial to establishing and sustaining a secure digital environment within your business operations, for the ultimate benefit and safety of your customers.
[1] Chris Hughes and Nikki Robinson. Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem. April 2024 Paperback 1st Edition, John Wiley & Sons Publishing Co. Ltd., Hoboken, New Jersey, USA, 288 pages.
What Are Some Categories of Frequent Cybersecurity Vulnerabilities?
For the sake of our cybersecurity education and awareness, let us explore some categories of frequent cybersecurity weaknesses:
- Misconfigurations: These are the single largest threat to both cloud computing and application security. Because many application security tools require manual configuration, this process can be rife with errors and take considerable time to manage and update. In recent years, numerous publicly reported breaches started with misconfigured S3 buckets that were used as the entry point. Such errors turn cloud workloads into obvious targets that can be discovered with a simple web crawler. The absence of a network perimeter within the cloud further compounds the risk associated with misconfigurations. To prevent such mistakes, organizations should adopt security tooling and technologies that automate the configuration process and reduce the risk of human error within the IT environment.
- Unsecured APIs: Another common security vulnerability is unsecured Application Programming Interfaces (APIs). APIs provide a digital interface that enables applications, or components of applications, to communicate with each other over the internet or via a Virtual Private Network (VPN). APIs are one of the few organizational assets with a public IP address. If not properly and adequately secured, they can become an easy target for attackers. As with misconfigurations, securing APIs is a process prone to human error. Rarely acting maliciously, IT teams may simply be unaware of the unique security risk this asset carries and rely on standard security controls. Conducting security awareness training to educate teams on best practices specific to cloud computing — such as how to store secrets, how to rotate keys and how to practise good IT hygiene during software development and deployment — is as critical in the cloud environment as in a traditional one.
- Outdated or Unpatched Software: Software vendors periodically release application updates, either to add new features and functionalities or to patch known cybersecurity vulnerabilities. Unpatched or outdated software often makes an easy target for advanced cybercriminals. As with system misconfigurations, adversaries are on the prowl for such weaknesses. While software updates may contain valuable and important security fixes, it is the responsibility of the organization to update its network and all endpoints. Unfortunately, because updates from different software applications can be released daily and IT teams are typically overburdened, it is easy to fall behind on updates and patching, or to miss a new release entirely. Failing to update even one machine can have potentially disastrous consequences for the organization, providing an attack path for ransomware, malware and a host of other security threats. To address this issue, organizations should develop and implement a process for prioritizing software updates and patching. To the extent possible, the team should also automate this activity to ensure systems and endpoints are as up to date and secure as possible.
- Zero-Day Vulnerabilities: A Zero-Day vulnerability is a security flaw that has been discovered by a threat actor but is unknown to the enterprise and the software vendor. The term “Zero-Day” is used because the vendor was unaware of the vulnerability and has had “0” days to work on a security patch or update to fix the issue; meanwhile, the cyber attacker already knows about it. Zero-Day attacks are extremely dangerous for companies because they can be very difficult to detect. To effectively detect and mitigate them, a coordinated defence is needed — one that includes both prevention technology and a thorough Incident Response Plan (IRP) in the event of a cyber attack. Organizations can prepare for these surreptitious and damaging events by deploying a complete Endpoint Security Solution (ESS) that combines technologies including Next-Gen Antivirus (NGAV), Endpoint Detection and Response (EDR) and Cyber Threat Intelligence.
- Weak or Stolen User Credentials: Many users fail to create unique and strong passwords for each of their accounts. Reusing or recycling passwords and user IDs creates another avenue of exploitation for cybercriminals. Weak user credentials are most often exploited in brute force attacks, in which a threat actor tries to gain unauthorized access to sensitive data and systems by systematically trying as many combinations of usernames and guessed passwords as possible. If successful, the actor can enter the system and masquerade as the legitimate user; the adversary can use this time to move laterally, install back doors, gain knowledge about the system for use in future cyber attacks, and, of course, steal data. To deal with this vulnerability, organizations, companies and SMEs should set and enforce clear policies that require strong, unique passwords containing at least 15 alphanumeric characters, i.e., any combination of numbers, uppercase and lowercase letters and symbols (punctuation marks, mathematical symbols, etc.). Organizations should also consider providing a password manager and implementing a Multifactor Authentication (MFA) policy, which requires more than one form of identification, such as both a password and a fingerprint or a password and a one-time security token, to authenticate the user.
- Access Control or Unauthorized Access: Mismanagement of user permissions can lead to unauthorized access by malicious actors. Companies often grant employees more access and permissions than they need to perform their job functions. This increases identity-based cyber threats and expands what adversaries can reach in the event of a breach. To address this problem, organizations should implement the Principle of Least Privilege (POLP), a computer security concept and practice that gives users limited access rights based on the tasks necessary to their job. POLP ensures that only authorized users whose identity has been verified have the permissions needed to execute jobs within certain systems, applications, data and other assets. POLP is widely considered one of the most effective practices for strengthening an organization’s cybersecurity posture, in that it allows organizations to control and monitor Network and Data Access (NDA).
- Misunderstanding the “Shared Responsibility Model”: To prevent runtime threats, organizations must fully understand their reciprocal responsibilities within cloud computing environments. Cloud computing networks adhere to what is known as the “shared responsibility model.” This means that much of the underlying infrastructure is secured by the cloud service provider. Nonetheless, the organization is responsible for everything else, including the operating system, applications and data. Unfortunately, this point can be misunderstood, leading to the assumption that cloud workloads are fully protected by the provider. The result is users unknowingly running workloads in a public cloud that are not fully protected, meaning adversaries can target the operating system and the applications to obtain access. Organizations using a cloud computing environment must update their cybersecurity strategy and tooling to ensure they are protecting all areas of cyber risk across all environments. Traditional security measures provide only partial security within a cloud computing environment and must be supplemented to provide enhanced protection from cloud-based vulnerabilities and cyber threats.
[1] Chris Hughes and Nikki Robinson. Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem. April 2024 Paperback 1st Edition, John Wiley & Sons Publishing Co. Ltd., Hoboken, New Jersey, USA, 288 pages.
Never forget
Anticipative detections and pre-emptive actions are key to maintaining a robust cybersecurity posture
Why Can AI-Powered Cyber Attacks & Human Vulnerabilities Impact Your Organization’s Cybersecurity Posture?
In this section, we will succinctly focus on two critical aspects of vulnerabilities. On the one hand, AI-powered cyber attacks can significantly impact your organization’s cybersecurity posture. On the other hand, human vulnerabilities can also considerably affect your organization’s digital safety posture. Let us concisely explore some of those vulnerability exploits and how to safeguard your organization.
What Are Some Vulnerability Exploits Powered by AI Cyber Attacks?
Artificial Intelligence (AI) has allowed cybercriminals to launch automated cyber attacks with unprecedented accuracy and speed, and at scales that were difficult for human hackers alone to achieve. Malicious users are taking advantage of AI technology in various ways. Summarized below and adapted from the monograph referenced in footnote [1] are some of the vulnerability exploits in which cyber attackers are incorporating generative AI:
- Social Engineering: Cyber attackers use psychological manipulation to trick users into revealing their credentials, credit card details and personal information. Their attacks include phishing, baiting, vishing, pretexting and compromising personal and corporate emails. Hackers use generative AI to make phishing emails and fake websites more personalized, compelling and sophisticated, and nearly indistinguishable from the targeted original website. This makes it difficult for users to detect malicious emails, and they are tricked into entering their personal details. Hackers can also use AI to increase the speed, scale and intensity of these exploits by automating the generation of such fake emails and content.
- Malware (Malicious Software): In the past, malware behaviour and properties were studied and signatures were developed. Antivirus software and intrusion detection and prevention systems use these signatures to detect malware, viruses, trojans and other malicious software. Nowadays, hackers are using generative AI technology to develop such malicious software. Because these hackers are dynamic and evolve rapidly, traditional security tools are unable to detect their stratagems for transforming software into malware.
- Deepfakes: Deepfakes are videos of people in which faces or bodies have been digitally altered so that they appear to be someone else, typically used maliciously or to spread false information. Cyber attackers use AI technology to create deceptive and misleading campaigns by manipulating audio and visual content. Just by tapping phone calls and using photos and videos published on social media, they can impersonate any staff member and create content that is used to mislead or manipulate employees. AI is used to make such deepfake content realistic and convincing, so that it appears legitimate. By combining this exploit with social engineering, extortion and other schemes, deepfake cyber attacks can be disastrous.
- Brute Force Tools & Techniques: AI technology has advanced the brute force tools and techniques used by cybercriminals. It has helped cyber attackers improve the deciphering algorithms used to crack passwords, making these exploits more accurate and faster.
- Automated Cyber Attacks: Malicious users have started using AI-powered bots to automate the detection of threats and weaknesses in websites, systems and networks. Once a weakness is detected, AI is used to further automate its exploitation. This has greatly helped hackers scale their cyber attacks and cause more damage.
- Cyber Espionage Attacks: Generative AI technology can be used for espionage purposes by automating the extraction and analysis of data from compromised networks. This has made it much easier for cybercriminals to steal sensitive and confidential data.
- Ransomware Cyber Attacks: Hackers can use AI to automate the process of identifying vulnerabilities in the target organization’s network. They can then automate the exploitation and the encryption of all the company’s files and folders. The hackers then demand a ransom payment in exchange for the decryption key needed to retrieve the company’s sensitive data. AI has made this whole process much simpler and less time-consuming for cyber attackers.
- IoT Attacks: Cybercriminals have begun to use AI to break Intrusion Detection Algorithms (IDA) to attack IoT networks. Today AI is used to perform input attacks, algorithm/data poisoning, fake data injection, and automated detection of vulnerabilities in networks using techniques like fuzzing and symbolic execution.
Taken as a whole, generative AI technology has enabled cybercriminals to create more sophisticated and automated exploits that are far more scalable and less time-consuming. Organizations are struggling to keep pace in detecting and preventing these advanced vulnerability exploits.
[1] Iqbal H. Sarker. AI-Driven Cybersecurity and Threat Intelligence: Cyber-Automation, Intelligent Decision-Making and Explainability. April 2024 Hardcover Edition, Springer Nature Academic Publishing, Headquarters: London, United Kingdom. Corporate Offices: Berlin, Germany; Sales Office: New York, USA, 200 pages. https://link.springer.com/book/10.1007/978-3-031-54497-2
How Can You Safeguard Your Organization’s Vulnerabilities Against AI-Powered Cyber Attacks?
Quite ironically, generative AI technology itself can be used to protect your organization’s vulnerabilities against AI-powered cyber threats. The cybersecurity industry has started to rely on AI-powered security tools in conjunction with traditional security measures such as identity and access management, intrusion detection, risk assessment, fraud detection, data loss prevention, incident response and other core cybersecurity domains. Surprisingly, recent research revealed that the global market for AI-powered cybersecurity tools and products was US$15 billion in 2021 and is projected to surge to roughly $135 billion by 2030[1]. Protecting your organization’s vulnerabilities against AI-driven cyber attacks requires adaptive strategies and advanced tools. Summarized below are some key steps adapted from the monograph accredited in footnote [2]:
- Starting Point Establishment: Security tools that use AI and machine learning algorithms do not rely on traditional rules and signature-based detection. Instead, they capture all events and analyze the vast datasets to create a baseline of normal behaviour from the starting point. By analyzing historical and live interaction data from that starting point, it is possible to know exactly which resources are used, which services are exposed, the asset inventory, network traffic trends, and normal user activities and behaviours. In this way the threat landscape and associated vulnerabilities can be readily identified and managed.
- Anomaly Detection: AI-powered tools are designed to detect deviations from the established baseline of normal behaviour and patterns. These include unusual login activity, access requests from a new geographic location or IP address, new user access, changes of permissions on files and other resources, extraction or deletion of large volumes of files, and traffic volumes far above the normal rate.
- Attack Prevention Capabilities: Once the AI-powered tools identify security threats or unusual behaviour, they can take predefined proactive actions to stop the attack. These may include logging off the user, account lockouts, declining transactions, blocking the traffic, isolating affected resources, and sending alerts and notifications to administrators to take appropriate action.
- Real-Time Surveillance: In this era of AI, real-time monitoring is very important. Several AI-powered tools are designed to continuously monitor production systems at runtime. This helps in responding immediately to cybersecurity incidents as they arise, potentially reducing the damage.
- Prognostic Analysis: AI security tools are capable of analyzing historical data and current trends and behaviours, and forecasting potential security threats and attacks. As a result, they can take measures in advance to prevent those vulnerability exploits.
- Zero-Day Exploit Exposure & Unseen Threat Discovery: With traditional security tools, it is only after an attack has occurred that the vulnerability exploit is analyzed and preventive signatures and patches are generated and distributed. Accordingly, traditional tools fail to protect systems from new, unseen Zero-Day exploits until the signatures are released. AI-powered tools, by contrast, do not rely on signatures but create baselines of normal trends, and if any deviation is detected, they take appropriate action. Thus, Artificial Intelligence (AI) tools may detect and protect your organization from novel and unseen Zero-Day exploits.
- Reduced False Positives: Traditional tools generate a huge number of false positive alerts, and analysts may miss a few important notifications while processing such large volumes of data. AI security tools tend to produce fewer false positives as they adapt to the evolving threat landscape and to transforming threats.
- Cybersecurity Assessment Automation: A significant advantage of AI-powered security tools is their ability to support automation. It is possible to automate security assessments, pen tests, security reviews, and patch management without manual intervention. This reduces response time and the risk of human error.
- Expandability and Scalability: The hosting environments are dynamic and AI security tools are designed to adapt to the fast-evolving environments, cyber threat landscapes, network traffic patterns and dynamic resource allocations. They can scale seamlessly to provide continuous protection against vulnerability exploits powered by AI.
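To make the baseline and anomaly-detection steps above concrete, here is an added Python example (not from the newsletter or the cited monograph). It learns each user's normal login countries from constructed historical events, then flags live events that deviate from that baseline: a login from a new country, a login by a user absent from the baseline, and a burst of failed logins from one source, the brute force pattern described earlier under weak credentials. All usernames, IP addresses, countries and timestamps are constructed.

```python
"""Baseline-and-deviation detection over constructed authentication events.

Added example, not code from the newsletter or the cited monograph. The log
format ("timestamp user result source_ip country") and all values below are
constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed history used to build the "starting point" baseline.
HISTORY = """\
2024-06-03T08:05:00 alice ok 203.0.113.10 CH
2024-06-03T08:07:00 bob ok 198.51.100.7 CH
2024-06-04T09:12:00 alice ok 203.0.113.10 CH
2024-06-04T18:40:00 bob ok 198.51.100.7 DE
2024-06-05T08:30:00 alice ok 203.0.113.11 CH
"""

# Constructed live window: a new country for alice, an unknown user,
# and a burst of failures from one source against bob.
LIVE = """\
2024-06-06T03:14:00 alice ok 192.0.2.44 BR
2024-06-06T03:15:00 mallory ok 192.0.2.45 CH
2024-06-06T03:20:00 bob fail 192.0.2.99 CH
2024-06-06T03:20:10 bob fail 192.0.2.99 CH
2024-06-06T03:20:20 bob fail 192.0.2.99 CH
2024-06-06T03:20:30 bob fail 192.0.2.99 CH
2024-06-06T03:20:40 bob fail 192.0.2.99 CH
2024-06-06T03:20:50 bob fail 192.0.2.99 CH
2024-06-06T09:00:00 bob ok 198.51.100.7 CH
"""

FAIL_THRESHOLD = 5                   # this many failures from one source ...
FAIL_WINDOW = timedelta(minutes=2)   # ... inside this window = brute force burst


def parse(text):
    """Turn the constructed log lines into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        ts, user, result, ip, country = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "result": result, "ip": ip, "country": country})
    return events


def build_baseline(events):
    """Per user: the set of countries seen in successful logins (the 'normal')."""
    baseline = defaultdict(set)
    for e in events:
        if e["result"] == "ok":
            baseline[e["user"]].add(e["country"])
    return baseline


def detect(baseline, events):
    """Return alerts as (timestamp, kind, subject) for deviations from baseline."""
    alerts = []
    recent_fails = defaultdict(deque)   # source_ip -> timestamps of failures
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["result"] == "fail":
            q = recent_fails[e["ip"]]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > FAIL_WINDOW:   # drop failures outside the window
                q.popleft()
            if len(q) == FAIL_THRESHOLD:   # alert once, when the threshold is crossed
                alerts.append((e["ts"], "brute-force burst", e["ip"]))
            continue
        if e["user"] not in baseline:
            alerts.append((e["ts"], "login by user absent from baseline", e["user"]))
        elif e["country"] not in baseline[e["user"]]:
            alerts.append((e["ts"], "login from new country",
                           f'{e["user"]}:{e["country"]}'))
    return alerts


def run():
    """Convenience entry point: baseline from HISTORY, detection over LIVE."""
    return detect(build_baseline(parse(HISTORY)), parse(LIVE))


if __name__ == "__main__":
    for ts, kind, subject in run():
        print(ts.isoformat(), kind, subject)
```

A production tool would add the other baseline dimensions listed above (usual hours, IP ranges, permission changes, bulk file operations) as further features, but the learn-then-compare structure stays the same.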
In short, generative AI-powered tools can improve themselves through machine learning by analyzing previous security incidents and training themselves to identify suspicious behaviour, predict threats and take preventive measures to stop cyber attacks. This also helps fill the gap of not having enough people with cybersecurity skills to fill 3.5 million security jobs. Using AI has freed cybersecurity analysts from mundane initial event monitoring and analysis, and allowed them to apply their skills to more advanced, strategic decision-making tasks. Therefore, by combining traditional and AI-driven security tools, organizations can maximize their productivity and simultaneously reduce cybersecurity threats and devastating data breaches.
[1] Allied Market Research – Allied Analytics LLP. AI in Cybersecurity Market Size, Share, Competitive Landscape and Trend Analysis Report: Global Opportunity Analysis and Industry Forecast, 2023-2032. Portland, Oregon, USA. https://www.alliedmarketresearch.com/ai-in-cybersecurity-market-A185408
[2] Iqbal H. Sarker. AI-Driven Cybersecurity and Threat Intelligence: Cyber-Automation, Intelligent Decision-Making and Explainability. April 2024 Hardcover Edition, Springer Nature Academic Publishing, Headquarters: London, United Kingdom. Corporate Offices: Berlin, Germany; Sales Office: New York, USA, 200 pages. https://link.springer.com/book/10.1007/978-3-031-54497-2
Why Do Human Vulnerabilities Affect Cybersecurity Implementation?
According to the findings of the WORLD ECONOMIC FORUM[1], 95% of cybersecurity incidents can be traced back to human vulnerabilities that produce human mistakes. The rapid shift towards digitalization, accelerated by the COVID-19 pandemic, has brought an upsurge in cyber risks. As our societies embrace digital technologies like blockchain, the metaverse and virtual reality, the stakes are growing exponentially. 43% of data breaches are attributed to insider threats, emphasizing the significant need for better cybersecurity education, training, awareness and vigilance.
Within the overall digital safety ecosystem of Information Technology (IT), human vulnerabilities are critical aspects of cybersecurity that are usually ignored and underestimated by organizations. Human vulnerabilities refer to the predisposition of human beings to be manipulated or exploited by cyber attackers who are looking to gain unauthorized access to sensitive information or network systems. Human vulnerability profiling is a paramount procedure for detecting and mitigating possible vulnerabilities that exist within the human mind and could be utilized to breach an IT system. Human vulnerabilities in the domain of cybersecurity also mean perilous weaknesses that emerge in the ways humans think, react, and respond to cyber threats. Hackers and phishers often exploit such human vulnerabilities to violate security protocols and gain unauthorized access to confidential data. Summarized and adapted from the monograph referenced in footnote [2] are some manifestations of those human vulnerabilities:
- Human Kindness: Cyber malefactors exploit basic human kindness to manipulate individuals into revealing sensitive information or granting access to confidential data.
- Curiosity, Credulity and Naivety: Cyber evildoers leverage these traits of character to execute phishing, vishing and smishing attacks, and spread malware inside computer systems and operational networks.
- Inattention, Negligence, and Ignorance: Careless, negligent and ignorant users who fail to apply cybersecurity practices become easy targets for vulnerability exploitation.
- Personality Characteristics: Analyzing personality traits (e.g.: extraversion, agreeableness, conscientiousness, neuroticism, and openness) helps cyber attackers to identify suitable human targets and attack their respective vulnerabilities.
Human Personality Characteristics and Examples of Vulnerability Exploit Situations

Personal Characteristics | Workplace Characteristics | Momentary Characteristics | Circumstantial Characteristics
---|---|---|---
Kind | New employee | Frequently tired | Averse to conflict
Naïve | Daily routine tasks | Always in a hurry | Reckless
Curious | Problem-solving skills | Obsessed by speed | Reflexive
Open | Working with unknown people (e.g.: new clients, colleagues) | Often inattentive & careless | Frightened
Susceptible | Dissatisfaction & frustration | Regularly on sick leave | Avoiding liability
Timid | Affordability & availability | Eager to go on vacation | Compromising
Negligent | Extortion & blackmailing | Repeatedly on sick leave | Cooperative
Enthusiastic | Rivalry & competitiveness | Fixated on fairness/justice | Angry
[1] WORLD ECONOMIC FORUM. Landmark headquarters located in Coligny/Geneva, Switzerland. Branch offices situated – among others – in New York (USA), Beijing (China), Mumbai (India), Tokyo (Japan), and San Francisco (USA). The Global Risks Report 2022 – 17th Edition. https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2022.pdf
[2] James Bone. Cognitive Hack: The New Battleground in Cybersecurity… The Human Mind. August 2021 Paperback 1st Edition. Auerbach Book Publications/Open Library – An Imprint of CRC Press – Taylor & Francis Group, Boca Raton, Florida, USA, 204 pages. https://www.taylorfrancis.com/books/mono/10.1201/9781315368412/cognitive-hack-james-bone
The above-mentioned four human personality characteristics are related and often intersect. Such combinations of human vulnerabilities can be exploited by cyber attackers. For example: if a new employee who is helpful and who often communicates with unknown customers is on vacation, a cyber attacker can contact that new employee by phone, impersonating a client and asking for sensitive information. Because the employee is new to the job and would like to get a good performance review, he or she might fall for the trick and provide the requested data, especially if he or she has no routine for checking invalid requests and lacks cybersecurity awareness. Let us now briefly explain the above-mentioned four (4) human personality characteristics and their consequences in terms of vulnerability exploits.
- Personal Characteristics: Personal characteristics are the most basic human traits of character, namely: kindness, naivety, curiosity, openness, susceptibility, timidity, negligence and enthusiasm. All human beings have such traits, and they are usually very difficult or even impossible to change. These are some of the most frequent traits of character exploited by harmful malefactors to attack the cyber integrity of an organization. For instance, kindness is useful when cyber attackers want to gain unapproved entrance to a building or when they employ personal deception through a telephone call. Likewise, curiosity can be used to exploit targets and spread malware or carry out phishing, vishing and smishing attacks.
- Workplace Characteristics: Certain characteristics and situations are tied to a given workplace or position within an organization. They can change over time with working conditions, for example when a person changes position, responsibilities or projects. New employees are attractive targets because they do not yet know all their colleagues and can easily be deceived by fake requests over the phone or by email. This is a temporary state: as the new employee integrates into the enterprise, the probability of a successful attack decreases. Other popular targets of social-engineering attacks are people who do routine work, such as customer service representatives, because it may be difficult for them to filter out fake requests. For example, someone who works every day with Excel files containing macros may not notice a deceptive attachment that carries macro-based malicious code. Employees who are often in contact with unknown individuals (e.g. staff of partners or clients) or who know coworkers at other sites only by phone or email are also vulnerable, especially if they are helpful or inattentive. Unusual requests, phone or email scams, or even personal attacks may succeed against these targets. Negative attitudes such as dissatisfaction with working conditions and salary also belong to this category and can, in extreme cases, be exploited to draw an employee into crimes such as bribery and extortion. Workplace characteristics and personal traits should therefore be weighed together when certain qualities are required or advantageous for a specific position.
- Momentary Characteristics: Momentary characteristics are short-lived and can change quickly with circumstances. For example, an employee may be tired after a lot of overtime and therefore inattentive. When someone goes on vacation or takes sick leave, attackers can exploit both the absent worker and the substitute. Attackers may call a worker on vacation and demand that a problem be solved or a request fulfilled immediately; a worker who wants to get rid of the task quickly may redirect or connect the attacker to the substitute. Attackers may also harvest useful internal information from the automatic replies of absent workers (contact details of substitutes, projects, tasks). The situation becomes exploitable when the substitute does not verify the authenticity of a request and does not want to bother the absent colleague or the appropriate superior. Momentary characteristics are intermittent: they last for a few days or weeks and then disappear as circumstances change. If attackers can identify such a situation, or find an employee currently affected by one, they can build an attack scenario around it.
- Circumstantial Characteristics: Circumstantial characteristics are momentary traits that surface during a stressful situation, such as a cybersecurity breach. They are considered separately because they usually do not help an attacker take the initial offensive action; instead, they affect how an attack unfolds once it has been detected. One example is an employee who notices a suspicious event, such as an outsider walking into the building without an escort or a badge, but neither questions the visitor (or intruder) nor reports the event to security, hoping to avoid conflict in case nothing is wrong. With telephone scams, the reflex reactions of targeted employees can serve the attacker, for instance when the attacker poses as a help desk employee and frightens the target by claiming that his or her password has been compromised and must be changed immediately. The frightened victim reveals the password without thinking (this works especially well after a phishing attack). Fear of being blamed can likewise prolong a malware infection: rather than reporting the incident, the affected user argues that antimalware software is installed and should have caught the malicious code. The countermeasure is a reporting culture in which raising a false alarm, or admitting a mistake, carries no penalty.
How Can Human Vulnerabilities Be Protected Through Best Cybersecurity Practices?
Protecting your organization against human vulnerabilities requires a combination of education, awareness, policies and technical measures. Here are some well-known effective strategies:
Security Awareness Training
- Regularly train employees on cybersecurity best practices.
- Never forget that prevention via cybersecurity education is the best defence against cyber attacks.
- Teach employees to recognize phishing attempts, social engineering and suspicious behaviour, and to verify unusual requests through a second channel (for example by calling back a number they already know).
- Foster a security-conscious culture within your organization.
Multi-Factor Authentication (MFA)
- Implement MFA wherever possible to reduce reliance on passwords.
- Even if credentials are compromised, the attacker must still defeat the second factor. Prefer phishing-resistant factors (FIDO2 security keys or passkeys) over SMS codes and push notifications, which real-time phishing and push-fatigue attacks can bypass.
Access Controls and Least Privilege
- Limit user access to only what is necessary for their roles.
- Regularly review and adjust permissions, and remove access promptly when people change roles or leave.
Behavioral Analytics
- Monitor user behaviour for anomalies such as logins from new locations, activity outside normal hours and bursts of failed authentication.
- Detect unusual patterns or deviations from each user's established baseline rather than relying on fixed rules alone.
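As an added illustration of the baseline-and-deviation idea (example code written for this newsletter, not a product or vendor implementation), the following Python script builds a per-user profile from past successful logins and then scores new events against it. The log line format, the user names, the IP addresses (documentation ranges), the threshold of five failures in ten minutes and the one-hour tolerance around usual login hours are all assumptions made for the example:

```python
"""Added example: baseline-and-deviation scoring over authentication events.
The log format and every event below are constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
import re

# Constructed line format: "<ISO timestamp>Z user=<name> src=<ip> geo=<CC> result=success|failure"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"geo=(?P<geo>[A-Z]{2}) result=(?P<result>success|failure)$"
)

def parse_log(text):
    """Parse the constructed line format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(e)
    return events

def build_baseline(events):
    """Per-user profile from past successful logins: countries and hours of day seen."""
    profile = defaultdict(lambda: {"geos": set(), "hours": set()})
    for e in events:
        if e["result"] == "success":
            profile[e["user"]]["geos"].add(e["geo"])
            profile[e["user"]]["hours"].add(e["ts"].hour)
    return profile

def near_usual_hour(hour, usual, slack=1):
    """True if `hour` is within `slack` hours (on a 24-hour circle) of any baseline hour."""
    return any(min((hour - h) % 24, (h - hour) % 24) <= slack for h in usual)

def score(events, profile, fail_threshold=5, window=timedelta(minutes=10)):
    """Alert on successful logins that deviate from the user's baseline or follow a burst of failures."""
    alerts, failures = [], defaultdict(list)
    for e in sorted(events, key=lambda x: x["ts"]):
        user = e["user"]
        if e["result"] == "failure":
            failures[user].append(e["ts"])
            continue
        reasons = []
        recent = [t for t in failures[user] if t >= e["ts"] - window]
        failures[user] = []  # the burst, if any, has resolved into this success
        if len(recent) >= fail_threshold:
            reasons.append(f"{len(recent)} failures in {int(window.total_seconds() // 60)} min before success")
        prof = profile.get(user)  # .get() does not create a default entry
        if prof is None:
            reasons.append("no baseline for user")
        else:
            if e["geo"] not in prof["geos"]:
                reasons.append(f"new country {e['geo']}")
            if not near_usual_hour(e["ts"].hour, prof["hours"]):
                reasons.append(f"off-hours login at {e['ts'].hour:02d}:{e['ts'].minute:02d} UTC")
        if reasons:
            alerts.append({"user": user, "src": e["src"], "ts": e["ts"].isoformat(), "reasons": reasons})
    return alerts

def analyze(baseline_text, new_text):
    """Build the baseline from historical lines, then score the new lines."""
    return score(parse_log(new_text), build_baseline(parse_log(baseline_text)))

# Constructed historical logins (the baseline window)
BASELINE_LOG = """\
2024-07-01T08:55:10Z user=alice src=203.0.113.10 geo=CA result=success
2024-07-01T13:02:41Z user=alice src=203.0.113.10 geo=CA result=success
2024-07-02T09:10:05Z user=alice src=203.0.113.11 geo=CA result=success
2024-07-02T17:20:00Z user=alice src=203.0.113.11 geo=CA result=success
2024-07-01T09:00:00Z user=bob src=198.51.100.5 geo=CA result=success
2024-07-02T15:45:12Z user=bob src=198.51.100.5 geo=CA result=success
"""

# Constructed new events to be scored
NEW_LOG = """\
2024-07-08T10:15:00Z user=alice src=192.0.2.44 geo=DE result=success
2024-07-08T03:00:01Z user=bob src=198.51.100.77 geo=CA result=failure
2024-07-08T03:00:05Z user=bob src=198.51.100.77 geo=CA result=failure
2024-07-08T03:00:09Z user=bob src=198.51.100.77 geo=CA result=failure
2024-07-08T03:00:13Z user=bob src=198.51.100.77 geo=CA result=failure
2024-07-08T03:00:17Z user=bob src=198.51.100.77 geo=CA result=failure
2024-07-08T03:00:21Z user=bob src=198.51.100.77 geo=CA result=success
2024-07-08T09:30:00Z user=bob src=198.51.100.5 geo=CA result=success
"""

if __name__ == "__main__":
    for a in analyze(BASELINE_LOG, NEW_LOG):
        print(a["ts"], a["user"], a["src"], "; ".join(a["reasons"]))
```

Run directly, the script prints the two alerts the constructed data produces: one login from a country never seen for that user, and one success immediately after a burst of failed attempts outside the user's usual hours. In production the baseline would be recomputed over a rolling window and the events would come from the SIEM rather than a string literal.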
Incident Response Planning (IRP)
- Develop an incident response plan and rehearse it regularly (tabletop exercises at a minimum).
- Ensure employees know how, and to whom, to report cyber incidents promptly.
Reminder
Prevention via cybersecurity education is the best defence against cyber attacks
How Can Your Organization Protect Itself from a Wide Spectrum of Vulnerabilities Exploits?
Protecting your organization from a wide spectrum of vulnerability exploits requires a combination of technical and operational measures. Summarized below are some effective measures adapted from the monograph referenced in footnote [1]:
- Vulnerability Management via Asset Discovery and Inventory: You cannot protect what you do not know you have. Keep track of all devices, software and servers across your digital environment. IT is responsible for maintaining these records, but this is complex in practice because many organizations have thousands of assets across multiple locations. This is why IT professionals and systems managers turn to asset inventory management systems, which provide visibility into what assets the company has, where they are located, how they are used and who owns them. Internet-facing assets deserve particular attention, since they are the ones attackers probe first.
- Vulnerability Scanners: Regularly scan systems and networks for known weaknesses and misconfigurations. Scanners run a series of tests against systems and networks: identifying software versions with published vulnerabilities, checking for default passwords or accounts, and probing for access to restricted areas. Credentialed (authenticated) scans see far more than unauthenticated ones, and scanner output is a list of findings that still needs triage, not a ranked to-do list.
- Patch Management: Use patch management software to keep your systems up to date with the latest security patches. Most solutions check for updates automatically and prompt the user when new ones are available; many also deploy patches across multiple computers, making it easier to keep large fleets of machines secure. Test patches on a representative subset before fleet-wide rollout, and record every exception so that unpatched systems remain visible.
- Security Configuration Management (SCM): SCM ensures that devices are securely configured, that changes to security settings are tracked and approved, and that systems comply with the organization's cybersecurity policies. Many SCM tools can also scan devices and networks for vulnerabilities, track remediation actions and generate compliance reports.
- Security Information and Event Management (SIEM): A SIEM consolidates an organization's security logs and events in real time and gives visibility into what is happening across the entire digital estate, including the IT infrastructure. This includes monitoring network traffic, identifying devices that attempt to connect to internal systems, tracking user activity and detecting potential intrusions, including attempts to exploit known vulnerabilities. A SIEM is only as good as the log sources feeding it and the detection rules written against them.
- Penetration Testing: Hire ethical hackers to simulate attacks and discover exploitable weaknesses before malicious actors do. Penetration testing software helps testers find and exploit vulnerabilities; it typically provides a graphical user interface (GUI) for launching attacks and reviewing results, and some products automate parts of the process. Unlike a scanner, a penetration test validates exploitability and chains individual weaknesses into a realistic attack path, which is what makes its findings actionable.
- Cyber Threat Intelligence: Cyber Threat Intelligence software lets organizations track, monitor, analyze and prioritize potential threats. By collecting data from a variety of sources, such as exploit databases, vendor advisories and government catalogues of known exploited vulnerabilities (for example CISA's Known Exploited Vulnerabilities catalogue), these solutions help identify which vulnerabilities are actually being used in attacks, which is the single most useful input for prioritization.
- Vulnerability Remediation: Remediation involves prioritizing findings, identifying the appropriate next step (patch, configuration change or compensating control when no patch exists) and generating remediation tickets so that IT teams can execute on them. Prioritize by exploitation evidence and exposure rather than by CVSS score alone, and track each ticket to closure, confirmed by a rescan, so that the vulnerability or misconfiguration is actually resolved.
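The measures above form one loop: the inventory tells you what you own, the scanner tells you what is wrong with it, threat intelligence tells you what attackers actually use, and remediation turns the result into owned, dated tickets. The following Python script, added here as an example and not taken from the monograph or from any product, strings those steps together on constructed data. Every host name, owner, vulnerability identifier (VULN-xxxx placeholders rather than real CVE numbers), the set of "known exploited" entries and the 7/30/90-day SLAs are assumptions made for the example:

```python
"""Added example: a minimal vulnerability-management triage loop.
Inventory + scanner findings + threat intelligence (exploited in the wild)
-> prioritized remediation tickets and a list of inventory gaps.
All hosts, owners and vulnerability ids are constructed placeholders."""
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Asset:
    host: str
    owner: str             # team that receives the remediation ticket
    internet_facing: bool  # external attack surface (ATT&CK T1190 exposure)
    criticality: str       # "high" | "medium" | "low"

@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str
    cvss: float
    patch_available: bool

# Constructed asset inventory: what the organization believes it owns
INVENTORY = [
    Asset("web-01", "web-team", True, "high"),
    Asset("db-01", "dba-team", False, "high"),
    Asset("laptop-17", "it-desk", False, "low"),
]

# Constructed scanner output; VULN-xxxx are placeholder ids, not CVE numbers
SCAN_RESULTS = [
    Finding("web-01", "VULN-0001", 9.8, True),
    Finding("web-01", "VULN-0002", 5.3, True),
    Finding("db-01", "VULN-0003", 7.5, False),
    Finding("laptop-17", "VULN-0004", 7.2, True),
    Finding("ghost-99", "VULN-0001", 9.8, True),  # host absent from the inventory
]

# Constructed stand-in for a threat-intelligence feed of actively exploited vulnerabilities
KNOWN_EXPLOITED = {"VULN-0003"}

# Assumed remediation deadlines per priority, in days
SLA_DAYS = {"P1": 7, "P2": 30, "P3": 90}

def priority(f: Finding, a: Asset, exploited: set) -> str:
    """Rank by exploitation evidence and exposure first, CVSS second."""
    if f.vuln_id in exploited:
        return "P1" if (a.internet_facing or a.criticality == "high") else "P2"
    if f.cvss >= 9.0 and a.internet_facing:
        return "P1"
    if f.cvss >= 7.0:
        return "P2"
    return "P3"

def build_tickets(inventory, findings, exploited, today=None):
    """Return (tickets sorted by urgency, hosts seen by the scanner but missing from inventory)."""
    if today is None:
        today = date.today()
    elif isinstance(today, str):
        today = date.fromisoformat(today)
    by_host = {a.host: a for a in inventory}
    tickets, gaps = [], []
    for f in findings:
        a = by_host.get(f.host)
        if a is None:
            # An unknown host is itself a finding: the inventory, not just the host, needs fixing.
            if f.host not in gaps:
                gaps.append(f.host)
            continue
        p = priority(f, a, exploited)
        tickets.append({
            "host": f.host, "vuln_id": f.vuln_id, "priority": p, "cvss": f.cvss,
            "owner": a.owner,
            "action": "patch" if f.patch_available else "mitigate (no vendor patch yet)",
            "due": (today + timedelta(days=SLA_DAYS[p])).isoformat(),
        })
    tickets.sort(key=lambda t: (t["priority"], -t["cvss"]))
    return tickets, gaps

if __name__ == "__main__":
    tix, gaps = build_tickets(INVENTORY, SCAN_RESULTS, KNOWN_EXPLOITED, today="2024-07-01")
    for t in tix:
        print(f'{t["priority"]} {t["host"]:10} {t["vuln_id"]} cvss={t["cvss"]} '
              f'owner={t["owner"]} {t["action"]} due={t["due"]}')
    print("inventory gaps:", gaps)
```

Two design points matter more than the numbers. First, a finding on a host that is absent from the inventory is reported as an inventory gap rather than silently ticketed, because the gap is the root problem. Second, a vulnerability with exploitation evidence on a high-criticality or internet-facing asset outranks a higher CVSS score without such evidence, which is the prioritization the Cyber Threat Intelligence and Vulnerability Remediation items call for.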
[1] Steve Manzuik, André Gold and Chris Gatford. Network Security Assessment: From Vulnerability to Patch. 2006 Paperback Illustrated Edition jointly published by Syngress Publishing Company, Oxfordshire, United Kingdom & Elsevier Publishing Company, Amsterdam, Netherlands, 416 pages. https://www.amazon.ca/Network-Security-Assessment-Vulnerability-Patch/dp/1597491012
Conclusion
In our fast-changing world, where digitalization is becoming ever more omnipresent, what is the outlook for vulnerability exploits? Looking ahead to 2025 and beyond, advances in generative AI may lower the technical barrier for cybercriminals and thereby make it easier to exploit Zero-Day vulnerabilities. Prominent corporations such as Google, Amazon, Facebook and Apple, which have so far largely withstood such exploits, may become targets of ransomware campaigns [1]. Moreover, in 2023 organizations around the world saw a marked trend toward the exploitation of high-risk vulnerabilities, with an average time to exploit of 44 days after initial disclosure [2]. This is why it is imperative for Canadian organizations to remain vigilant and remediate vulnerabilities promptly to reduce their cybersecurity risk.
The outlook for vulnerability exploits also depends on several factors. First, emerging exploits most often appear before official vulnerability disclosure, which indicates Zero-Day exploits; these are particularly challenging to defend against. Second, the most exploited vulnerabilities frequently rely on techniques such as exploitation of remote services (MITRE ATT&CK T1210) and exploitation of public-facing applications (MITRE ATT&CK T1190) [3], so maintaining an accurate inventory of external assets and remediating them swiftly is indispensable. Third, the threat actors most associated with vulnerability exploitation include Fancy Bear, Graceful Spider, FIN11 and groups attributed to North Korea, among others; state-sponsored attacks with geopolitical motives require robust defences against Advanced Persistent Threats (APTs) [4]. Fourth, response and remediation are uneven: some vulnerabilities receive effective responses and quick remediation whereas others lag behind.
To sum up, staying informed about current vulnerability exploits and addressing them swiftly is essential for Canadian organizations to protect themselves against multidimensional cyber attacks. Anticipation, hands-on detection and pre-emptive action are key to preserving a robust cybersecurity posture. Last but not least: prevention via cybersecurity education is the best defence against cyber attacks.
[1] Recorded Future Inc. Cybersecurity Intelligence Company. Headquarters: Somerville, Massachusetts, USA. Patterns and Targets for Ransomware Exploitation of Vulnerabilities: 2017-2023. Posted online on the 8th of February 2024. https://www.recordedfuture.com/research/patterns-targets-ransomware-exploitation-vulnerabilities-2017-2023
[2] Qualys Inc. Web Security and Software Development Company. Foster City, California, USA. 2023 Threat Landscape in Review: If Everything Is Critical, Nothing Is. Posted and updated online on the 4th of January 2024. https://blog.qualys.com/vulnerabilities-threat-research/2023/12/19/2023-threat-landscape-year-in-review-part-one
[3] David Maynor. Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research. 1st Paperback Edition, 2007. Jointly published by Syngress Publishing Company, Oxfordshire, United Kingdom & Elsevier Publishing Company, Amsterdam, Netherlands, 350 pages. https://shop.elsevier.com/books/metasploit-toolkit-for-penetration-testing-exploit-development-and-vulnerability-research/maynor/978-1-59749-074-0
[4] CISA – USA Cybersecurity & Infrastructure Security Agency – America’s Cyber Defense Agency. Cybersecurity Advisory: 2022 Top Routinely Exploited Vulnerabilities. Released date: the 3rd of August 2023. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
Resources and References
- IBM Security. Fighting Back Against Data Breaches. Cost of a Data Breach Report 2023. https://www.ibm.com/reports/data-breach
- SNYK. Cybersecurity Company Specialized in Cloud Computing. The 2022 State of Cloud Security Report. https://go.snyk.io/state-of-cloud-security-2022.html
- BITDEFENDER. Cybersecurity Technology Company. Business Insights: 10 Stats on the State of Vulnerabilities and Exploits. https://www.bitdefender.com/blog/businessinsights/10-stats-on-the-state-of-vulnerabilities-and-exploits/
- Chris Hughes and Nikki Robinson. Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem. April 2024 Paperback 1st Edition, John Wiley & Sons Publishing Company, Hoboken, New Jersey, USA, 288 pages. https://www.wiley.com/en-ca/Effective+Vulnerability+Management%3A+Managing+Risk+in+the+Vulnerable+Digital+Ecosystem-p-9781394221219
- Iqbal H. Sarker. AI-Driven Cybersecurity and Threat Intelligence: Cyber-Automation, Intelligent Decision-Making and Explainability. April 2024 Hardcover Edition, Springer Nature Academic Publishing, Headquarters: London, United Kingdom; Corporate Offices: Berlin, Germany; Sales Office: New York, USA, 200 pages. https://link.springer.com/book/10.1007/978-3-031-54497-2
- Allied Market Research – Allied Analytics LLP. AI in Cybersecurity Market Size, Share, Competitive Landscape and Trend Analysis Report: Global Opportunity Analysis and Industry Forecast, 2023-2032. Portland, Oregon, USA. https://www.alliedmarketresearch.com/ai-in-cybersecurity-market-A185408
- World Economic Forum. Headquarters located in Cologny/Geneva, Switzerland. Branch offices situated, among others, in New York (USA), Beijing (China), Tokyo (Japan) and San Francisco (USA). The Global Risks Report 2022, 17th Edition. https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2022.pdf
- James Bone. Cognitive Hack: The New Battleground in Cybersecurity… The Human Mind. August 2021 Paperback 1st Edition, Auerbach Book Publications/Open Library – An Imprint of CRC Press – Taylor & Francis Group, Boca Raton, Florida, USA, 204 pages. https://www.taylorfrancis.com/books/mono/10.1201/9781315368412/cognitive-hack-james-bone
- Steve Manzuik, André Gold and Chris Gatford. Network Security Assessment: From Vulnerability to Patch. 2006 Paperback Illustrated Edition jointly published by Syngress Publishing Company, Oxfordshire, United Kingdom & Elsevier Publishing Company, Amsterdam, Netherlands, 416 pages. https://www.amazon.ca/Network-Security-Assessment-Vulnerability-Patch/dp/1597491012
- Recorded Future Inc. Cybersecurity Intelligence Company. Headquarters: Somerville, Massachusetts, USA. Patterns and Targets for Ransomware Exploitation of Vulnerabilities: 2017-2023. Posted online on the 8th of February 2024. https://www.recordedfuture.com/research/patterns-targets-ransomware-exploitation-vulnerabilities-2017-2023
- Qualys Inc. Web Security and Software Development Company. Foster City, California, USA. 2023 Threat Landscape in Review: If Everything Is Critical, Nothing Is. Posted and updated online on the 4th of January 2024. https://blog.qualys.com/vulnerabilities-threat-research/2023/12/19/2023-threat-landscape-year-in-review-part-one
- David Maynor. Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research. 1st Paperback Edition, 2007. Jointly published by Syngress Publishing Company, Oxfordshire, United Kingdom & Elsevier Publishing Company, Amsterdam, Netherlands, 350 pages. https://shop.elsevier.com/books/metasploit-toolkit-for-penetration-testing-exploit-development-and-vulnerability-research/maynor/978-1-59749-074-0
- CISA – USA Cybersecurity & Infrastructure Security Agency – America's Cyber Defense Agency. Cybersecurity Advisory: 2022 Top Routinely Exploited Vulnerabilities. Release date: the 3rd of August 2023. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
- Qualys Inc. Web Security and Software Development Company. Foster City, California, USA. Qualys Survey of Top 10 Exploited Vulnerabilities in 2023. Posted and updated online on the 26th of September 2023. https://blog.qualys.com/qualys-insights/2023/09/26/qualys-survey-of-top-10-exploited-vulnerabilities-in-2023
Contributions
Special thanks for the financial support of the National Research Council Canada and its Industrial Research Assistance Program (IRAP).
- Author : Bianka Koszler et al.
- Executive Editor : Alan Bernardi
- Translator, Reviser & Proofreader: Ravi Jay Gunnoo (C.P.T. ISO 17100)