
Securing Your SASE Solution: Protecting Against Known Vulnerabilities


Ayushi Singh

Before cyber attackers can wage successful malware or ransomware campaigns, they have to gain access to their target environments. In 2022, half of the Check Point Incident Response Team's cases resulted from attackers gaining access by exploiting known vulnerabilities. By the time malicious activities—ransomware, spoofed or forged emails, malware files or unknown computer processes—became visible, attackers had already gained access and laid the foundation for a successful campaign.


2022 Top Vulnerabilities

Which vulnerabilities should you be most concerned about in 2023? Check Point Research's 2023 Cyber Security Report describes the top vulnerabilities based on data collected by the Check Point Intrusion Prevention System (IPS) sensor network. It shows that newer vulnerabilities are increasingly used: those reported in the past three years were used in 24% of exploitation attempts in 2022, compared to only 18% of attempts in 2021. In India, with the commercial availability of 5G, we expect the number, scale and sophistication of these cyberattacks within the telco space to increase over time; the weekly share of organisations impacted by mobile malware was already 4.8% (versus a global average of 1.7%).

According to an IDC India Digital Transformation Survey 2022 Report, over 54% of large* enterprises in India are planning to implement SD-Branch and ZTNA as a part of a drive towards SASE adoption, with 77.8% of enterprises in the BFSI vertical already implementing solutions and policies enabling software-defined perimeter. Another 52.2% are looking towards adopting and investing in SD-Branch components, and 54.4% are planning to implement a zero-trust network architecture and invest in related security solutions.


Despite this encouraging news, SASE vulnerabilities are known to exist, and they need to be addressed.

ProxyShell

ProxyShell is an attack chain that exploits three vulnerabilities in Microsoft Exchange Server—ProxyShell, ProxyLogon and ProxyNotShell. Combining these vulnerabilities allows unauthenticated attackers to perform remote code execution (RCE) on vulnerable servers. Even though these vulnerabilities were reported and patched in 2021, they were still at the top of the most exploited vulnerabilities list in 2022 and often result in major breaches.


Follina in Microsoft Office

Even though Microsoft now disables macros in documents from external sources, attackers use specially crafted .docx and .rtf documents to download and execute malicious code even when macros are disabled or the document is in Protected Mode. Threat actors exploited Follina on unpatched systems to deploy Qbot and other Remote Access Trojans (RATs), making Follina one of the most frequently used vulnerabilities discovered in 2022.

Fortinet


Two critical bugs in Fortinet products reported in October 2022 (CVSS score: 9.6) and December (CVSS score: 9.3) allow unauthenticated attackers to execute arbitrary code using specially crafted requests. The company issued updates while CISA warned of significant risk to federal organizations. Exploitation attempts of CVE-2022-40684 at the beginning of 2023 affected 18% of organizations.

The Best Prevention: Patching. Cloud IPS. SASE. All Together Now

Attackers exploit exposed Windows Remote Desktop Protocol (RDP) services and unpatched RCE vulnerabilities to execute commands and place malicious code in a network. Mail servers are often the weak link. Many organizations don't deploy endpoint security or anti-ransomware products on servers for fear of compromising performance. With high numbers of vulnerabilities, network exposure and poor patch management, servers are a common open door for attackers.


Timely patching is essential—but not enough. A Secure Access Service Edge (SASE) solution, like Check Point Harmony Connect, helps prevent attackers from exploiting vulnerabilities and gaining persistence in your network. It combines four powerful capabilities in a full, cloud-based secure access service edge solution.

• Cloud-based Intrusion Prevention System (IPS): Cloud IPS detects and blocks threats targeting systems and applications. With signature- and anomaly-based detection, cloud IPS detects and blocks known threats, such as common vulnerabilities and exposures (CVEs), as well as OWASP Top 10 common errors, zero-day threats, and malicious connections. It also helps organizations offload patching for hundreds of systems, servers and application software vulnerabilities. With cloud IPS as part of Harmony Connect SASE, newly discovered vulnerabilities in browsers, applications and systems are patched virtually and automatically. Cloud IPS also stops genuine attacks in real time with high performance and minimal false positives.

• Zero-Day Sandboxing: Harmony Connect SASE includes advanced sandboxing (threat emulation), which inspects files for hundreds of different indicators—common evasion techniques, file-opening macros or out-of-context services—to determine which are malicious. In the recent Next Generation Firewall (NGFW) Security Benchmark 2023 report, Miercom found Check Point Quantum Next-Gen Security Gateway technology prevented 99.7% of new malware downloads. This is the same threat prevention delivered by Harmony Connect SASE.


• Big Data Threat Intel and AI: Big-data threat intelligence from Check Point ThreatCloud, combined with more than 30 AI and machine learning engines, identifies and blocks emerging threats.

• Full Traffic Inspection: Prevention-focused SASE performs full traffic inspection across all ports and protocols.
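The cloud IPS capability described above rests on two mechanisms that are easy to see in miniature: signature matching, which is what "virtual patching" means in practice (the exploit pattern for a known bug is blocked in transit, so the server behind it is protected before its own patch lands), and anomaly detection, which flags behaviour with no signature such as one source hammering a server. The following is an added example written for this article, not Check Point code; the log format, the two generic signatures (an OWASP-style path traversal and a basic SQL injection pattern) and the request lines are all constructed.

```python
# Added example: a miniature inline inspector combining signature-based
# (virtual patch) and anomaly-based (per-source rate) detection over
# constructed request-log lines. Not Check Point code; signatures, log
# format and addresses are constructed for illustration.
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Generic signatures standing in for the vendor-maintained ones a cloud IPS
# ships. Each is applied to the URL-decoded request path and query.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"union\s+select|'\s*or\s+1\s*=\s*1", re.IGNORECASE),
}

RATE_LIMIT = 5  # requests from one source within the inspected window


def match_signatures(raw_path: str) -> list[str]:
    """Decode once (so %2e%2e%2f and '+' cannot hide a pattern) and match."""
    decoded = unquote_plus(raw_path)
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]


def inspect(lines: list[str], rate_limit: int = RATE_LIMIT) -> dict:
    """Return requests blocked by signature and sources flagged by anomaly.

    Constructed log format: '<src_ip> <method> <path> <status>'.
    """
    blocked, counts, anomalous = [], defaultdict(int), set()
    for line in lines:
        src, method, path, status = line.split()
        hits = match_signatures(path)
        if hits:
            # Virtual patch: drop the request in transit, server never sees it.
            blocked.append({"src": src, "path": path, "signatures": hits})
        counts[src] += 1
        if counts[src] > rate_limit:
            anomalous.add(src)
    return {"blocked": blocked, "anomalous": sorted(anomalous)}


# Constructed sample window (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    "192.0.2.10 GET /index.html 200",
    "192.0.2.10 GET /assets/app.js 200",
    "192.0.2.10 GET /assets/app.css 200",
    "192.0.2.10 GET /api/items 200",
    "192.0.2.10 GET /api/items 200",
    "192.0.2.10 GET /api/items 200",
    "192.0.2.10 GET /api/items 200",
    "198.51.100.7 GET /download?file=%2e%2e%2f%2e%2e%2fetc/passwd 404",
    "203.0.113.5 GET /search?q=x'+union+select+1 200",
]

if __name__ == "__main__":
    result = inspect(SAMPLE_LOG)
    for b in result["blocked"]:
        print("BLOCK", b["src"], b["path"], b["signatures"])
    for src in result["anomalous"]:
        print("ANOMALY rate exceeded", src)
```

The decode-before-match step is the part worth copying: a signature applied to the raw path would miss the percent-encoded traversal on the second-to-last line, which is exactly how attackers slip past naive filters. A production IPS normalises far more than this (chunked bodies, compression, TLS termination), which is why the article stresses full traffic inspection across all ports and protocols rather than a single-layer check.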

Authored By Harish Kumar GS, Head of Sales, India and SAARC, Check Point Software Technologies
