Four Legacy Security Vulnerabilities Still Posing Threats

Cybersecurity, or the lack of it, is something that we all need to be concerned about. In no industry is that more readily apparent than the financial sector. As the threats continue to evolve, it’s important that we don’t forget about older threats that continue to pose serious risks to financial institutions.

Ideally, all organizations would rapidly expunge known vulnerabilities from their networks, starting with the most severe bugs that pose the greatest risk.

In reality, serious vulnerabilities never seem to die. In April, for example, the Five Eyes intelligence alliance — comprising Australia, Canada, New Zealand, the U.K. and U.S. — issued a joint alert urging organizations to patch 15 of the most exploited vulnerabilities of 2021, not least by nation-state attackers.

Of those 15 highlighted flaws, two came to light in 2020, one in 2019 and another in 2018.

Another take on the challenge comes via a list of “the most egregious network security flaws” of the past decade — from 2011 to 2021 — compiled by the SpiderLabs research and intelligence team at Chicago-based cybersecurity firm Trustwave.

Of the 10 vulnerabilities the researchers highlight, these four remain under active exploitation and should concern financial institutions:

  • SolarWinds backdoor: Attackers sneaked a backdoor into the SolarWinds Orion network monitoring tool used by 18,000 organizations and used it to target a subset of those organizations. This supply chain attack, later attributed to Russia’s foreign intelligence service, was first detected on Dec. 8, 2020, and initially patched on Dec. 13, 2020. Nevertheless, “infected servers currently exist, and attacks still take place due to companies being unaware of dormant attack vectors” that were put in place before organizations patched, SpiderLabs says.
  • Heartbleed: This flaw in older versions of OpenSSL, designated CVE-2014-0160, can be exploited to steal data, eavesdrop on communications and impersonate sites, services, or users without leaving any trace. Based on searches conducted by SpiderLabs using the Shodan internet-connected device search engine, more than 200,000 systems still remain vulnerable to Heartbleed. While that’s a reduction from the 250,000 systems counted as being vulnerable in 2015, it highlights how incredibly slowly even serious vulnerabilities can fade away.
  • BlueKeep: Microsoft Remote Desktop Protocol facilitates remote access to systems. But a vulnerability designated CVE-2019-0708 could be used to build wormable malware and has been widely exploited by crypto mining malware. Shodan searches show at least 30,000 vulnerable systems remain worldwide.
  • Ripple20: Widely used code for implementing networking protocols can be exploited via a set of 19 vulnerabilities first patched in March 2020. But given that code’s wide use in internet of things devices, the flaws’ impact will likely “ripple” for years.

Many, if not most, U.S. banks keep patches up to date and constantly work to reduce their cybersecurity exposure. Threats are constantly evolving, but the older threats haven’t been cast into the dustbin yet.

If you have questions about cybersecurity, the evolving threat landscape, and how to best protect your bank, call ITPAC today.