It’s patch day. The latest Windows release is stable, your anti-virus needs updating, and the database software needs a complete overhaul to the latest version to remove potential injects that could compromise the security of your private data. It’s a long list, but it needs to get done to protect the security of your company. Unfortunately, marketing needs live access to the database today, and there’s just no way everything can be brought down. Maybe just one more day will be fine…
Patching can be a long and sometimes painful process. There are a hundred different things that could go wrong, and even with an active test platform to vet new patches with, there are no guarantees that everything will cooperate once the patches hit a live deployment. Even with thorough patch management guidelines in place, preparing for rough rollouts is a required step in the patching process. This makes a set procedure and flexible systems a boon when it comes to regular patching.
Malware and software vulnerabilities continue to be a growing problem in the tech community, with new exploits being discovered almost daily. A growing list of software and hardware methods of entry present the very real threat of a compromised system when patching is left to the wayside. These exploits can range from simple application vulnerabilities all the way down to the kernel or even hardware level, the worst of which can result in code execution and data extraction.
Fortunately for the IT community, many of the more dangerous offenders are quickly discovered and routinely patched. Every piece of software or hardware your company uses should have active developer support that will address security vulnerabilities and rapidly offer patches to fix the issue.
Equifax data breach
In May of 2017, consumer credit giant Equifax suffered a data breach that resulted in the release of customer information for more than 143 million individuals. Attackers were able to enter Equifax’s servers through an Apache Struts vulnerability, a web-application platform the company was using at the time. After gaining initial entry to Equifax’s system, it’s speculated that the attack was able to gain additional access by taking advantage of other insecure information within the system. By the time all was said and done, Equifax had leaked enough customer data to cover the population of the entire U.S. eastern seaboard, with headroom to spare.
Soon after announcing the breach, Equifax provided information on the suspected method of entry – the aforementioned Apache vulnerability. In a reveal that should (frighteningly) surprise no-one, the vulnerability itself had already been patched out in March of that same year. Equifax had nearly two months warning and failed to shore up security by deploying a simple update.
Said René Gielen, Vice-President of Apache Struts, “most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years.”
WannaCry ransoms a quarter of a million computers across the globe
Striking again in May of 2017, the WannaCry ransomware rampaged through the internet, encrypting the data of nearly 250,000 computers in over 150 countries worldwide. The worm’s creators demanded payment in bitcoins for decryption service to regain access to encrypted files.
WannaCry took advantage of a recently discovered vulnerability in the SMB protocol used by Windows. A vulnerability that, you guessed it, already had been patched in March of the same year.
WannaCry’s projected damage estimates run anywhere from the millions to billions of dollars, with the impact ranging from lost photos or documents, all the way up to the complete shutdown of the U.K.’s National Health Service.
NotPetya and Bad Rabbit
Another nasty set of exploits to come out of the Pandora’s Box that was the SMB protocol vulnerability, NotPetya and Bad Rabbit shared similar DNA with WannaCry, each with their own malicious twist. NotPetya made use of both the EternalBlue and EternalRomance exploits discovered in an NSA leak in 2017.
NotPetya stole user passwords after gaining access to the system through the same avenue as WannaCry, utilizing Microsoft’s SMB as one route of entry to secure elevated privileges and began locking out users with a false ransom. The intent of NotPetya was to spread mayhem.
Bad Rabbit used the EternalRomance exploit with a similar mission to that of NotPetya – to cause as much mayhem as quickly as it could.
Both exploits affected huge swaths of users, particularly in the Eastern European region. Microsoft had released patches for both earlier that same year.
Nationwide Mutual Insurance Company customer data breach
Another breach affecting over a million Americans, in 2012 Nationwide Mutual Insurance Company failed to update a critical security vulnerability that led to the loss of data for 1.2 million customers. The patch in question was specifically flagged as critical, but the company still failed to implement the fix to prevent the breach.
While exact details of the breach aren’t entirely clear, the data affected included everything from names to social security numbers, driver’s license numbers, and more – basically everything a would-be identify theft needs to cause panic.
Nationwide Mutual Insurance Company was later sued and ordered to pay a large settlement for the breach.
These attacks could have been stopped with regular patching
In every instance listed above, thorough and responsive patching could have prevented any intrusion. In some cases, this could have saved the personal information of millions of individuals. Some experts estimate as much as 80% of all software-related security breaches are due to known, and fixed, vulnerabilities going unpatched. It’s absolutely essential that regular patching becomes a regular part of any IT guidelines in order to prevent future attacks to take place.
Image credits
