Cybersecurity is a cause for serious concern among companies. New serious or critical vulnerabilities are coming to light almost every day and cybercriminals look to exploit them, not to mention the numerous lower risk security holes that are also detected. PandaLabs, the cybersecurity laboratory at Panda Security, detected 76,000 alerts for exploits in 2019 that aimed to leverage vulnerabilities in applications, networks, or hardware for illicit purposes.
Panda Security includes on its Critical Vulnerabilities site information about the latest vulnerability discovered by Zerologon on Netlogon, which could allow attackers to hijack the Windows domain controller.
During the COVID-19 pandemic, moreover, cybercrime has surged. Hackers have not been slow to generate more threats and take advantage of the situation, particularly the combination of the increase in telecommuting – with the attack surface therefore extending beyond business premises – and the general uncertainty affecting business and social environments. Consequently, public and private organizations across all sectors are witnessing how their infrastructure is in the sights of malicious actors, and are having to act accordingly to protect themselves.
“More than 90 percent of successful attacks today could have been avoided by applying a patch, according to a report by Gartner. And that’s not all, most of these patches had been available for more than a year and still hadn’t been installed”, explains PandaLabs.
Given this situation, the key strategy for organizations to mitigate risks and protect themselves is to apply security patches, especially since exploits already exist and are ready to be activated. However, since most published vulnerabilities are not exploited ‘in the wild‘, it is vital to be aware of the most critical security holes, i.e. the extent to which the exploit code is available to attackers, so that IT teams can prioritize the most urgent patches and updates.
Knowledge and solutions to counter the effects of critical vulnerabilities
To prevent cyberattackers from taking advantage of these vulnerabilities – which can now be exploited and pose an imminent threat to organizations – Panda Security has generated a constantly updated list of vulnerabilities detected that IT professionals can check to see the latest security issues on the applications or systems they use, and take appropriate action. In addition, it is also advisable to use specific solutions to manage vulnerabilities and their corresponding updates and patches, both for operating systems and other software.
“At Panda Security we guarantee the security of our customers with a cybersecurity suite such as Panda Adaptive Defense 360, which integrates Endpoint Protection and Endpoint Detection and Response (EDR) solutions with 100% process classification services, based on a single, lightweight agent, providing highly detailed visibility into all endpoint activity and control over all processes. Also, with Panda Patch Management we reinforce the prevention, containment, and remediation of threats, and give real-time visibility into all vulnerabilities, patches and updates pending,” affirms PandaLabs.
30 years of cyberattacks
Although cybercrime trends are forever changing, over the last 30 years the most notorious cybercriminals have shared the custom of exploiting vulnerabilities.
From Morris Worm to BlueKeep to Stuxnet or Conflicker, security holes have long been close allies of cybercriminals to steal personal data, crash systems, or disable infrastructure. Given this background, it is essential that companies are aware of the importance of updating and patching the applications and software they use.