As yesterday was Patch Tuesday – it seemed appropriate to run this latest part of my ransomware series today.
This article about ransomware is going to be short and to the point. DO NOT SKIP software or operating system patches and updates.
Switch on automatic updates.
Finished.
Well not quite…
Software that has a known security vulnerability is probably the most popular attack vector for threat actors after phishing and social engineering. Patches and updates need managing and monitoring for a joined up cyber security plan.
For better ransomware protection patch your vulnerabilities
Keeping up with the security patches is important. One of the best known vulnerability references on the web – other than the individual vendor sites – is the US government’s Cybersecurity and Infrastructure Security Agency (CISA) “Known Exploited Vulnerabilities Catalog (sic)”. (CISA. 2023). This database is regularly updated and can show you quickly if your software package or operating system has a flaw that is being exploited by threat actors and where to get help. However it does not cover everything and that is where the vendor pages are a valuable resource, especially if you are using less common software.
Remember also that CISA is a US government agency so it highlights packages used by the US government and US-centric software, but it is still a great help to other organisations trying to mitigate risks.
Microsoft Patch Tuesday
I know other software exists, but Microsoft is dominant in the business world (do you use Microsoft 365 on your Mac?), so keeping up with Microsoft patches is essential. As the number of potentially vulnerable users is very high, any vulnerability there is exploited immediately. Very high = more money for the threat actors.
I have written about Patch Tuesday here:
How Microsoft Patch Tuesday can help your cyber security planning
Other companies have also taken to releasing their patches on and around Patch Tuesday and even Apple has occasional Patch Tuesdays. Remember to check other vendor update pages or sign up for newsletters that will keep you up-to-date with their security patches.
Microsoft does issue patches at other times, however, especially when addressing a zero-day threat.
The zero-day threat and ransomware
The zero-day threat is when a threat actor discovers a software flaw and exploits it before the vendor knows there is an issue. The vendor then produces a patch, tests it and gets that patch to you, but there is an unavoidable time lapse. I have written about that security gap before and how your team and their cyber awareness training is what protects you. Ransomware has the perfect opportunity to get in during that gap.
But un-patched software is still a way in for ransomware
Of course IT professionals always patch their software!
Well, no. un-patched VMware ESXI servers have been in the news lately. The security patch to fix the vulnerability was issued two years ago, but over 18,000 servers remained un-patched and vulnerable to a ransomware attack – many were encrypted. (Greig. 2023)
So make sure you keep things patched. Your Cyber Security Master Document will always be your friend in these situations.
Clive Catton MSc (Cyber Security) – by-line and other articles
References
CISA. (2023). Known exploited vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency. Retrieved February 14, 2023, from https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Greig, J. (2023). More than 18,500 ESXI servers still vulnerable to VMware bug behind initial ransomware spree. The Record from Recorded Future News. Retrieved February 14, 2023, from https://therecord.media/esxiargs-ransomware-vmware-more-than-18500-servers-still-vulnerable/
Grimes, R. A. (2021). Ransomware protection playbook. John Wiley & Sons, Incorporated.
Further Reading
Zero-day (computing) – Wikipedia
Ransomware Mini-Series (2023)
This is part 5 of my ransomware mini-series:
Ransomware: Is it a Threat? (Part 1)
A Bag of Spanners – Planning and Preparation (Part 2)
Minimise the Damage – Planning and Preparation (Part 3)
Detecting Ransomware (Part 4)