A record year for zero-day bugs, how often do you test backups, and the world’s biggest penetration test returns.
Welcome to Cyber Security Today. It’s Wednesday, April 20th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
A record number of zero-day vulnerabilities were found and disclosed last year. That’s according to a report this week from Google. A zero-day vulnerability is a bug exploited by attackers before a developer can create a patch. Google says 58 zero-days were found in 2021, compared to 25 the year before. That’s the bad news. The good news is that Google doesn’t think this is because software developers are getting worse at creating secure code. It’s just that the ability of security researchers to spot zero-days being exploited has increased. Also, more software companies are disclosing zero-days in their applications. But not all. So it’s highly likely there were more than 58 zero-day vulnerabilities found last year.
What can you do? If your firm develops software, make sure it publicly discloses when a vulnerability is being exploited. Developers should work harder at reducing memory corruption vulnerabilities. And security researchers should share exploit examples.
It’s important that IT departments regularly test their ability to restore backup data for two reasons: First, to make sure backup data hasn’t been corrupted. And second, to give the IT team practice. How often should you test data restoration procedures? Here’s a yardstick from a survey of 620 IT pros in North America and Western Europe out this week from the IT analyst firm Enterprise Strategy Group: Thirteen per cent of respondents said they test daily, 28 per cent said they test weekly, 14 per cent said they test every other week, 23 per cent said they test monthly. In short, 78 per cent of organizations in this study test their data recovery skills at least once a month. How do you compare?
Here’s another interesting stat from the same survey. It asked respondents how long it would take their organization to restore mission-critical data after an incident. Forty-six per cent said it would take at least six hours, 35 per cent said it would take less than six hours and 17 per cent said they could do it in less than an hour.
Think you have a tough penetration test? How about one involving 2,000 participants from 30 countries? That’s what’s going on this week in the largest international cyberwar exercise. It’s an annual test involving members of NATO and invited countries called Locked Shields. Organized by NATO’s Co-operative Cyber Defence Centre of Excellence, the goal is to test the ability of IT staff to work together to protect critical infrastructure in a simulated war. In this year’s scenario, a fictional island country is experiencing hostile events and co-ordinated cyberattacks. Essentially, it’s one big red-team versus blue-team fight. The blue-team defenders play the role of national cyber rapid reaction teams helping the fictional country handle the attacks. Last year’s exercise involved about 5,000 virtual systems configured as military, financial, government, telecom, utility, manufacturing and other IT systems. Defenders faced more than 4,000 attacks over several days.
QNAP has issued several warnings recently about cyberattacks on its network-attached storage devices. Now it’s advising IT administrators to disable Universal Plug and Play port forwarding. UPnP forwards ports to other devices, which allows NAS devices to communicate more efficiently. But it’s not a secure protocol. So QNAP says its storage devices should be behind a router and firewall. Remote access should be done through QNAP’s cloud link service or the VPN server function on a router.
Owners of certain consumer models of Lenovo laptops are urged to download and install the latest firmware. This will block three serious vulnerabilities. Devices affected include some Flex-3, IdeaPad3, Legion 5 and Yoga laptops. According to researchers at ESET, the vulnerabilities could be used to disable certain device protections.
Finally, does your firm use Lilin brand internet-connected digital video recorders for video surveillance or other purposes? If so, make sure the devices are fully patched. This comes after researchers at Nozomi Networks discovered a piece of malware targeting unpatched Lilin devices. The malware chains infected devices into a botnet. The vulnerability is two years old, so patches should have been installed long ago.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.