Vulnerability Check – Why should we do it periodically
‘Personal Information Leakage’, ‘Corporate Information Leakage’, ‘Cryptocurrency Outflow’
These are typical types of information security incidents that often appear in the news and on portal sites. The damage caused by these incidents is significant. Therefore, domestic companies should conduct periodic security checks to reduce the damage from cyberattacks. But how often should we do it? If we had a security check last year, can we skip it this year?
Continuous public vulnerability
Companies handling major telecommunication infrastructures, electronic financial infrastructure, or personal information are obliged to conduct periodic security checks to prevent their major assets from being exposed to threats.
Public vulnerabilities are already well known, and information about them can easily be obtained from the Internet. In addition to the name and affected version, the exploit code for testing the actual attack is also available.
[Public exploit code of Heartbleed vulnerability]
We can find about 160 vulnerabilities updated in January 2019 at Exploit-db.com, one of the leading sites that share public vulnerabilities.
[List of public vulnerabilities in exploit-db.com]
New vulnerabilities continue to appear. To resolve them, periodic security checks should be performed to detect their presence. Of course, high-risk and high-impact vulnerabilities require immediate action.
One technique that makes a program difficult to analyse is called packing, and Themida is the most widely known packing tool. The problem is that techniques for automatically unpacking packed programs are constantly being developed and released, and these tools speed up program analysis. As a result, an attacker can use them to perform sophisticated attacks in a short period of time. Manual vulnerability checks often rely on the same tools an attacker would use, so you should check for vulnerabilities periodically, using the latest tools every year.
[Unpackable Themida Version (2.x)]
Exposure of threats due to changes in infrastructure environment
Companies introduce new equipment for various reasons, such as system improvement, security enhancement and cost reduction. When they do, administrative weaknesses may arise from insufficient security settings. For example, careless oversights such as leaving the system default account unchanged, not setting IP access restrictions, or not deleting a test account are small mistakes that can become a serious threat. Vulnerabilities can arise from new equipment introduced into a continuously changing environment, or from values that were set temporarily for testing. Therefore, the infrastructure should be managed through periodic checks.
[Attempt to log in with default ID and password (root / 12345)]
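The three oversights named above (unchanged default account, missing IP access restriction, undeleted test account) can be checked mechanically at each periodic inspection. The Python sketch below is an added example, not part of the original article: it audits two constructed inventory snapshots and reports only the findings that appeared since the previous check. The inventory format, host names, hash scheme and test-account prefixes are assumptions made for illustration.

```python
import hashlib
import ipaddress

# Default pairs to test; root/12345 is the pair from the page's screenshot
# caption, admin/admin is a constructed sample entry.
DEFAULT_CREDENTIALS = [("root", "12345"), ("admin", "admin")]
TEST_ACCOUNT_PREFIXES = ("test", "tmp", "demo")  # assumed naming convention

def hash_password(password, salt):
    """PBKDF2 hash in the hypothetical format of the inventory export."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000).hex()

def audit_host(host):
    """Return a set of (host, issue, detail) findings for one record."""
    findings = set()
    for acct in host["accounts"]:
        for user, pw in DEFAULT_CREDENTIALS:
            if acct["name"] == user and acct["hash"] == hash_password(pw, acct["salt"]):
                findings.add((host["name"], "default-credential", user))
        if acct["name"].lower().startswith(TEST_ACCOUNT_PREFIXES):
            findings.add((host["name"], "test-account", acct["name"]))
    allow = [ipaddress.ip_network(n) for n in host["mgmt_allow"]]
    if not allow or any(n.prefixlen == 0 for n in allow):  # empty or allow-all
        findings.add((host["name"], "no-ip-restriction", "management interface"))
    return findings

def audit(inventory):
    return set().union(*(audit_host(h) for h in inventory))

def new_since(previous, current):
    """Findings present now that the previous periodic check did not have."""
    return sorted(audit(current) - audit(previous))

def account(name, password, salt=b"constructed-salt"):
    return {"name": name, "salt": salt, "hash": hash_password(password, salt)}

# Constructed snapshots: last year's check, and this year's after a new
# gateway was installed and a test account was left on the web server.
LAST_YEAR = [{"name": "web01", "mgmt_allow": ["10.0.5.0/24"],
              "accounts": [account("root", "S7!long-unique-pass")]}]
THIS_YEAR = [{"name": "web01", "mgmt_allow": ["10.0.5.0/24"],
              "accounts": [account("root", "S7!long-unique-pass"),
                           account("test_qa", "qa")]},
             {"name": "cam-gw01", "mgmt_allow": [],
              "accounts": [account("root", "12345")]}]

if __name__ == "__main__":
    for finding in new_since(LAST_YEAR, THIS_YEAR):
        print(finding)
```

Last year's snapshot audits clean, while this year's yields three findings, all introduced by changes made between the two checks.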
Exposure of security threats by application function changes
Application services provided by the enterprise may be added or changed, which can also lead to vulnerabilities. For example, when fingerprint authentication is added to strengthen login security, the fingerprint information may be left on the terminal or exposed on the network, creating a new security threat. Adding a fingerprint authentication function may also inadvertently alter other functions, turning something that was safe into something vulnerable. Of course, it would be ideal to check the whole system for vulnerabilities each time, but testing the entire system every time is difficult, so in practice only the added and changed parts are checked frequently. Therefore, periodic vulnerability checks are needed to cover the parts that were missed.
[Add fingerprint authentication function in mobile app]
There is no perfect security
Organisations should periodically check their information system infrastructure and web/mobile applications to prevent information security incidents and to protect information assets. If you inspect once a year, you can be safe right after the check. But for the reasons mentioned above, you are likely to become exposed to security threats over time. By the time the next check approaches a year later, the security status is likely to have become very dangerous.
To reduce risk, shorter inspection intervals are better. It is most effective to check for vulnerabilities at the shortest interval possible, considering the environment of the enterprise and the characteristics of each system. Corporate security officers should also keep in mind that “even if the vulnerability check is done completely, there are various environmental changes that need to be checked continuously.” Again, there is no perfect security anywhere in the world!
By: Adura Cyber Security
Adura Cyber Security provides cyber security consultancy to help organisations in Asia to strategise and maintain a security posture that is effective, sustainable and tailored to meet the needs of their business.