Thoughts and Recommendations on Addressing Vulnerability Exploitation

Cybercriminals aren't always as creative as we think they are. There is a myth that they have a never-ending supply of techniques and tricks up their sleeves. However, many can't be considered innovators in their shady field. Instead, they merely follow and take advantage of the same reported vulnerabilities and misconfigurations over and over again.

That is why cybersecurity teams must establish a regular process to find the most frequent "issues" with their applications and systems before these can be exploited. Hiring independent penetration testers at least once a year is a good start. But considering the hourly cost of these experts and the speed at which IT evolves, this is unlikely to be enough.

Fortunately, there are some actions that organizations and their employees can take, and as this post will discuss, access to the right information is a must.

Two Fundamental Ways to Avoid Vulnerability Exploitation

Patch Software, Always

Patching software regularly is the most practical way to stay safe from vulnerability exploits. That includes internal applications (if any) as well as third-party programs.

To illustrate this point, let's take an example we're all familiar with: Adobe Flash Player. While it does enable the creation and display of appealing content, it has a huge downside: it comes riddled with exploitable bugs.

In fact, in 2019 alone, it has already had seven reported vulnerabilities, four of which are critical because they allow remote code execution. These flaws, when left unpatched, allow attackers to take control of vulnerable systems from anywhere.

Run Regular Vulnerability Assessment Scans

New vulnerabilities are discovered daily and can be easy to miss. Systems constantly change as well. Waiting, say, a full year before obtaining a better understanding of cybersecurity implications is too long.

Cybersecurity experts, in fact, recommend vulnerability scanning at least monthly. That way, IT administrators can identify and fix bugs with medium to high severity ratings before hackers can get to them.

In short, narrowing windows of exposure through frequent scans often spells the difference between protection and the lack thereof.

Various Threat Data Sources Can Help in Vulnerability Assessment and Risk Mitigation

For vulnerability assessment to be successful, specialists need to make decisions based on risks and prioritize. But through which means can organizations get an understanding of today's threats?

This is made possible, notably, through the use of various sources of threat intelligence (TI). While TI can mean different things, it usually refers to:

  • Code databases like GitHub that can provide insights into the development of proof-of-concept (PoC) vulnerability exploits
  • WHOIS history APIs that provide historical domain ownership data to reveal ties to malicious deeds in the past
  • Infosec websites, including news sites, vendor blogs, and official statements on vulnerabilities
  • Social media where shared technical posts can offer researchers jump-off points to uncover actionable threat intelligence
  • Technical feeds that provide streams of data on indicators of compromise (IoCs) for context on malware and exploit kit activities
  • Forums where some malicious individuals may reveal details on the exploits they're working on
  • Paste sites such as Ghostbin and Pastebin where exploitable vulnerabilities are often listed
  • Dark Web communities and marketplaces where exploits are shared and sold
  • Vendor platforms that provide an overview of commonly exploited factors, as well as recommendations to mitigate risk

* * *

Vulnerability exploitation will remain a threat as long as organizations continue to use unpatched applications or wait too long before conducting their next vulnerability scan. The good news is that there is a wide range of threat intelligence sources that make this recurring process easier.

WhoisXML API

About WhoisXML API – Whois API, Inc. (whoisxmlapi) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.