Preface: John H Keesling, a long-time IT professional, is the founder of WyoSupport and is new to Cheyenne. He has entered the Greater Cheyenne Chamber of Commerce Cybersecurity Accreditation program to meet people and to review the process from the customer’s standpoint.
By John H Keesling
I’m sure you’ve seen the news stories about Hackers and Ransomware attacks. This is because Threat Actors (or Black Hat Hackers) have found several ways to gain access to vulnerable systems. The biggest problem right now is that the speed of these attacks seems to be increasing. I’d like to share some insight into why this is the case.
There is a new term coming to the Cyber Security industry, “Mean Time To Inventory” or MTTI.
This is a measure of the time from publication of a vulnerability by manufacturers to the time Threat Actors are able to take ownership of a vulnerable system. Due to the increased sophistication used by these Threat Actors, MTTI is A LOT shorter than people generally realize. For example, the Hafnium exploit from March this year had an MTTI of 15 minutes. In this short time, thousands of systems were infected in the first round of attacks. More and more systems were affected when new, more complex variants of the first attack were released over the following days.
How is it possible for a Hacker to gain control of such a large number of computers in just 15 minutes?
Although it’s possible to scan the internet for open/vulnerable systems, this isn’t the fastest way to find potential targets. Hackers are now continually scanning the internet and building complex databases. These databases contain a list of specific details on IPs, such as server type, version number, company name, ISP, open ports, and even closed ports. All this information can give clues to an attacker on what lies behind firewalls.
Even home users are at risk for this!
When a new vulnerability is published, a Hacker will review the details and check their database. Instead of sending out the hack to 4 billion random targets, the list is narrowed down to the device or service addressed by the patch. Threat Actors want to get into as many systems as they can, and speed is their best chance to do this. Interesting fact: once in control, it is quite common for a hacker to patch the server to prevent others from stealing their prize.
We can only guess what motivates these people to do what they do, but one thing is for sure: this is only the first step in their process.
Detecting these hackers AFTER they are in your network is extremely difficult and expensive, but not impossible. The very best thing we can do to prevent our own systems from falling prey is to patch them as soon as the patch is available. Microsoft, Adobe, and other companies are all standardizing on Tuesdays to release patches and publish the findings on the vulnerabilities they address. Running updates on your servers and computers (as annoying as it is to reboot in the middle of your work day) is becoming more necessary to fight back against these threats. A security review should be in place for your Firewall and any other IoT devices you use, to ensure they are all up to date.
Hackers won’t stop what they do, but running these patches and updates will greatly increase your chances of deflecting an attack. If you need help, please reach out to your trusted IT partners.
We are all in this together!
John H. Keesling
Founder – Wyo Support, Cheyenne Wyoming
Office 307-421-5705, firstname.lastname@example.org