Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Cybersecurity Snapshot: 6 Things That Matter Right Now

Cybersecurity Snapshot #13

Topics that are top of mind for the week ending Sept. 30 | Are you ready for the quantum threat? | Tips for protecting critical infrastructure from cyberattacks | How to prevent MFA fatigue attacks | “FiGHT” to secure 5G networks | And much more!

1. MFA fatigue in the spotlight

The social engineering attack known as multi-factor authentication (MFA) fatigue is in the spotlight after a cybercriminal used it successfully against Uber.

This is the typical scenario: A hacker steals credentials for an MFA-protected account and tries to annoy the user into approving the login attempt via a barrage of mobile push notifications.

Tips to prevent multi-factor authentication (MFA) fatigue attacks

In the Uber case, the hacker reportedly took his efforts to another level by actually contacting the targeted user – a Uber contractor – via Whatsapp, saying he was a Uber IT staffer.

So how can your organization prevent MFA fatigue attacks? Here are some recommendations from MITRE:

  • Block login attempts from locations that are suspicious or don’t match the location of the MFA smart device.
  • Restrict the number of MFA request prompts that can be sent to users.
  • Educate users so that they only approve login requests they initiated and report unsolicited prompts.

For more information:

2. U.S. Congress tackles open source software security

Highlighting the U.S. government’s grave concern about the security of the software supply chain, new legislation focused on open source software (OSS) has just been introduced.

The bipartisan “Securing Open Source Software Act of 2022” was sponsored by two senators – Gary Peters (D-MI) and Rob Portman (R-OH) – and comes in response to the shocking discovery in November 2021 of the Log4Shell vulnerability in the ubiquitous Log4j open source component.

The U.S. Congress tackles open source software security with new legislation

The bill, whose sponsors hold leadership positions in the Senate’s Homeland Security and Governmental Affairs Committee, calls for tasking the Cybersecurity and Infrastructure Security Agency (CISA) with:

  • Creating a risk framework to assess how the federal government uses OSS
  • Evaluating how this framework could be used by critical infrastructure operators
  • Hiring experienced OSS developers so the government and the OSS community can collaborate and address future situations like the Log4j vulnerability
  • Establishing a software security advisory subcommittee

To get more details, you can read:

3. Rinse and repeat: Cyberthreats top business concerns

In a survey of 1,200 U.S. business decision makers, cyberthreats topped all business concerns, specifically suffering a system breach and becoming a ransomware victim.

The “2022 Travelers Risk Index,” from the namesake insurance provider, also found gaping holes in respondents’ cyber preparedness, including an absence of:

  • Endpoint detection and response (64%)
  • Vendor cyber assessments (59%)
  • Incident response plans (53%)
  • Multi-factor authentication (48%)

A survey shows that cyberthreats top all business concerns, specifically system breaches and ransomware attacks.

Significantly, 26% said their company had suffered a data breach or a cyber event, with about half of those incidents happening in the past 12 months. Among these respondents, 71% have been successfully attacked more than once.

Still, a whopping 93% of respondents expressed confidence about their organizations’ ability to prevent or mitigate a cyber incident via the implementation of best practices, although 57% said it’s inevitable they’ll suffer a future cyberattack. 

For more information about establishing strong cybersecurity foundations:

4. Quantum computing’s security threat looms

Is quantum computing’s security threat on your risk radar screen yet? The drumbeat of concerns about the technology’s threat to data security and privacy is getting louder. The latest indication comes from a Deloitte online poll of 400-plus professionals who have assessed the benefits and downsides of quantum computers.

These systems don’t exist yet, but when they become available – maybe around 2030 – they’ll be able to decrypt data protected with today’s public-key cryptographic algorithms. While “quantum resistant” algorithms are in the works, cybercrooks are stealing data now to decrypt it later with quantum computers – a scheme known as “harvest now, decrypt later.”

About 50% of survey respondents said they believe their organization is at risk for this type of attack. When asked if their organization has conducted a quantum risk assessment, 45% said they either completed one or plan to conduct one within the next year. Another 16% plan to conduct one in two to five- years and 6% in six to 10 years. About 7% don’t plan to do one.

Concerns grow about quantum computing's threat to data security and privacy

(Source: “Harvest Now, Decrypt Later Attacks Pose a Security Concern as Organizations Consider Implications of Quantum Computing” report from Deloitte, September 2022)

Recommendations from Deloitte include:

  • Making a cryptographic inventory
  • Sharpening data governance
  • Managing certificates

For more information:

5. CISA/NSA: Tips to protect critical infrastructure from cyberattacks

The U.S. government is warning about cyberthreats faced by critical infrastructure facilities via vulnerable IT and operational technology / industrial control systems (OT/ICS) environments.

In an advisory, the government explains why these environments are increasingly at risk to cyberattacks; details how attackers – including advanced persistent threat (APT) groups – target them; and offers mitigation strategies.

The U.S. government is warning about cyberthreats faced by critical infrastructure facilities via vulnerable IT and OT/ICS environments.

The document from the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) lists the steps attackers typically follow:

  • Based on their motivation, such as financial, political or military, they pick a desired effect (disrupting, disabling or destroying) and select a target.
  • They collect intelligence via multiple avenues, including by breaching the facility’s IT network and by gathering publicly available information.
  • They then develop techniques and tools to breach the system, often by building a mock-up of the target system.
  • They gain initial access to the system, typically via remote access points that are often poorly secured.
  • Once they have access to the targeted OT/ICS system, they’ll disrupt the operator’s ability to monitor and control it; tamper with the system; and more.

“Using these techniques, cyber actors could cause various physical consequences. They could open or close breakers, throttle valves, overfill tanks, set turbines to over-speed, or place plants in unsafe operating conditions,” the document reads.

Recommended mitigation measures include:

  • Limit exposure of system information, such as by avoiding offering details of its hardware, firmware and software in public forums.
  • Identify and secure remote access points by creating a full inventory of them and limiting and hardening assets exposed to the internet.
  • Restrict tools and scripts only to users authorized to perform tasks on the control system.
  • Conduct regular security audits to validate all connections, review patching procedures, monitor system logs, and more.
  • Implement a “dynamic network environment” by adding firewalls and routers from different vendors, modifying IP address pools and upgrading hardware and software.

For more information:

6. A new framework for 5G network security

Attacks against 5G systems will ramp up as deployments of this mobile network technology increase, so securing them properly is critical. To that end, MITRE and the U.S. Defense Department have released a framework called “5G Hierarchy of Threats,” or FiGHT for short, intended for securing 5G ecosystems.

MITRE and the DoD released the FiGHT framework to secure 5G networks.

FiGHT contains three types of adversary tactics and techniques: theoretical, proof of concept and observed. It can be used to assess threats, emulate attacks and plan cyber investments. 

Modeled after the MITRE ATT&CK framework, FiGHT is aimed primarily at telecom providers, manufacturers and cybersecurity researchers.

For more information about 5G security challenges and best practices:

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

Contact a Sales Rep to Buy Tenable.cs

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Promotional pricing extended until December 31st.
Buy a multi-year license and save more.

Add Support and Training