Vulnerabilities in Critical Infrastructure and its mitigation

With geopolitical tension rising in certain parts of the world along with the ambitions of cyber attackers, coming up with a holistic strategy to protect the nation’s critical infrastructure has become a priority for the enterprises handling them. Imagine what would happen if the nuclear plants or the space agencies of a country were hit by a cyber attack. The disruption caused due to a successful cyber attack on a nation’s critical agencies can be far-reaching. It has the potential of causing a major loss of money, time, and even lives. This can be illustrated by a recent incident.

After the release of the largest-ever compilation of breached usernames and passwords, COMB, a cyber attacker wrongfully entered the Oldsmar (Florida) water plant’s computer systems to poison the city’s water supply by changing its pH to dangerously acidic levels. Even though the attack was thwarted before completion, this incident has opened our eyes to the dangerous reality of such an attack being successfully executed in the future.

Tomorrow, this attack can take place in the form of manipulation of boiler pressure in a thermal power plant or a ransomware attack on the country’s top-tier healthcare institutions. All of such attacks are not only potentially life-threatening but also pose a huge risk of material damage.

Key tips for cybersecurity protection at your critical site - Secure Insights

Other Cyber Incidents Around the World Involving Critical Infrastructure

In February 2020, Saudi authorities reported that their public petroleum and natural gas company Saudi Aramco has seen an increase in cyber attack attempts. This public enterprise suffered a huge cyber attack back in the year 2012 when Shamoon Virus hit the facility and damaged around 30,000 computers.

A few months back, New Zealand’s central bank suffered a huge data breach, where commercially and individually sensitive information was stolen by cyber attackers.

In another event, an electricity grid in the state of Maharashtra (India) was hit by a cyber attack that resulted in a power outage. This incident took place in the month of October 2020 and the authorities suspect Chinese involvement in it.

Discussing the Deterrent

In today’s world, there is cut-throat competition between countries for production and use of resources. Therefore, it is all the more important for enterprises handling and managing the critical infrastructure to adopt a multipronged approach while planning a defense against cyber attacks.

At the organizational level, some of the following measures can help in stopping cyber attacks from affecting the enterprise-

  1. Access Management – Access management is the first basic measure that organizations should take to protect their control systems. Identity Access Management (IAM) in databases and other important IT infrastructure is necessary to limit access and prevent the misuse or leak of information.
  2. Awareness as Defense – One very effective way of preventing cyber attacks on an enterprise is to train the employees in the basics of cyber security. Cyber aware employees form a major defense against attempted cyber attacks on the enterprise.

ThreatCop Lifetime Deal | Security Attack and Awareness Simulator

  1. Email Domain Security – To ensure the security of an organization, it is imperative to address the cyber threats originating from its email domain. Using email domain security tools like KDMARC can be very effective in stopping spoofing of the email domain to protect the enterprise against spear-phishing and BEC attacks.
  2. Data Backup –  Frequent data backup in offline locations in a segmented manner is the best approach to defend against ransomware attacks.
  3. Incident Response – Use of incident response tools can facilitate quick detection of and response to a cyber attack. A phishing incident response tool like Threat Alert Button (TAB) can be quite helpful in identifying and removing phishing emails from the employees’ inboxes.
  4. Strong Password Policy – Employees should be encouraged to use strong passwords. This applies to both their work emails and other credentials used for accessing information and operations of critical systems in the enterprise.

 

Vulnerability Management vs Vulnerability Assessment

What is Vulnerability Management?

What is Vulnerability Management Anyway?

In this evolving world of complex IT landscape, we get to hear numerous cyber security buzzwords and strategies every day. Vulnerability assessment, penetration testing, vulnerability management are among the most used terms when we talk about the protection of critical assets in an organization. But ever wondered do these terms mean? Let’s break them down one by one.

The term vulnerability management is an essential component that is required in creating an organization’s solid cyber security foundation. It is a broad ongoing process that manages an organization’s vulnerabilities constantly in a holistic manner. In this cyclical process, the software vulnerabilities are discovered, assessed, remediated and verified. Follow the image to understand the vulnerability management process cycle more clearly.

This ongoing process requires scanning to assess the vulnerabilities continuously in order to ensure and fix the weakness. It is an integral part of computer and network security.

What is Vulnerability Assessment?

The foremost step to fix security vulnerabilities is to identify them in the first place. Vulnerability assessment security testing identifies the gaps and loopholes present in the networks, endpoints, and applications. It is a one-time security testing program that is performed with a defined start and end date.

Vulnerability assessment is a risk-based approach where it targets the different layers of technology such as the host layer, network layer, and the application layer. The purpose of this testing is to help organizations in identifying vulnerabilities existing in their software and IT infrastructure before any compromise takes place.

What is Vulnerability Assessment | VA Tools and Best Practices | Imperva

The following image above shows the in-depth evaluation of security posture in an organization, discovering weaknesses and recommending a suitable remedy to mitigate the risk.

Vulnerability Management vs Vulnerability Assessment

When we talk about the entire organizational cyber security, both vulnerability management and vulnerability assessment have their own significant roles. However, both processes are completely different in nature.

Unlike vulnerability assessment, the vulnerability management program doesn’t have any defined start and end date. It is more of a continuous process that helps organizations in having better management of vulnerabilities in the near future.

Whereas, vulnerability assessment, on the other hand, helps in identifying the loopholes and vulnerabilities which are ranging from critical designing to basic misconfiguration. The primary objective of this testing is to create guidance for assisting developers with fixing the identified vulnerabilities.

Although the vulnerability assessment is an important step in improving the IT security of an organization, it is not just enough. A proper ongoing process is required along with this assessment technique to successfully eliminate the security gap.

Interdependence of Vulnerability Assessment and Management

Consequently, the vulnerability assessment process has a start and end date. But in order to secure IT assets, an ongoing approach like vulnerability management should be a part of it. The identification of strengths and weaknesses identified through assessment testing is basically the beginning process of IT infrastructure security. It is more of a part of vulnerability management where a proper plan is required to be created for prioritizing and mitigating the cyber risks discovered. On the whole, the vulnerability assessment dictates the recommendations and objectives of the entire vulnerability management process.

The Significance of Security Risk Assessment and Management

It is important to assess and fully-manage cyber risks with the vulnerability assessment and security testing audits to secure the organization’s network security. With constantly evolving cyber attacks, it is highly important to understand the weakness existing in your IT infrastructure or web applications.

Regularly performed vulnerability assessment and proper vulnerability management practices play the role of cornerstones in the success of a complete cyber security program. Timely discovery of cyber threats help in patching networks as well as web application vulnerabilities. Also, both assessment and management security programs mitigate the risk elements and help in preventing the possibilities of following cyber risks:

  1. Data breaches
  2. Ransomware infections
  3. IT Infrastructure damage
  4. Reputation damage
  5. Financial loss

Security Flaws in Web Application and its Mitigation

The inability to identify vulnerabilities in a web application can leave it unprotected against potential attackers, resulting in the most severe consequences. Web application vulnerabilities include a system weakness or flaw in a web-based application that leaves you susceptible to security attacks, risking the loss of valuable company or customer data.The inherent complexity of a web application’s source code increases the possibility of malicious code manipulation and unattended vulnerabilities. High-value rewards such as sensitive private data obtained by successful source code manipulation have made web applications a high-priority target for attackers. This makes it essential to thoroughly understand web security vulnerabilities and how to prevent them.

Types of Web Application Vulnerabilities

Common Web Application Vulnerabilities | EC-Council University Official Blog

Web application vulnerabilities are caused due to misconfigured web servers, application design flaws or not validating or sanitizing form inputs. They are prioritized based on their detectability, exploitability and impact on software. So, here is a list of some of the most critical web security risks according to the Open Web Application Security Project (OWASP):

  1. Injection: Injection flaws, including SQL, OS, LDAP and NoSQL injection, take place when a query or command with untrusted data is received by an interpreter. The hostile data by an attacker can trick the interpreter into accessing data without authorization or executing unintended commands. This can lead to the unauthorized viewing of lists, unauthorized administrative access and deletion of tables.

 

  1. Broken Authentication: This occurs when application functions related to session and authentication management are implemented incorrectly. It allows attackers to not only easily compromise passwords, session tokens or keys but also assume the identities of other users temporarily or permanently.

 

  1. Sensitive Data Exposure: Sensitive data can easily be compromised if special precautions are not taken when exchanged with the browser or some extra protection, like encryption at rest or in transit, is not implemented. Many web applications are unable to protect sensitive data properly, which allows attackers to steal or modify it, resulting in credit card fraud, identity theft and a number of other crimes.

 

  1. XML External Entities: Attackers can exploit poorly configured XML processors to access confidential data, inject additional data, create remote tunnels and execute applications. This vulnerability can also lead to Server Side Request Forgery (SSRF), denial of service attacks and remote code execution.

How to Execute an XML External Entity Injection (XXE) | Cobalt | Cobalt.io

 

  1. Broken Access Control: With access control, you can manage the sections of a website and application data accessible to different visitors. If these restrictions are not enforced properly, attackers can easily take advantage of these flaws to get access to unauthorized data or functionality. This can enable these attackers to access the accounts of other users, view sensitive files, change access rights and modify the data of other users.

 

  1. Security Misconfiguration: Counted amongst the most critical web application security vulnerabilities, it offers attackers an easy way into your website. Attackers can exploit unsecure default configurations, open cloud storage, incomplete or ad hoc configurations, verbose error messages with sensitive information and misconfigured HTTP headers. All operating systems, libraries, frameworks and applications can be susceptible to security misconfigurations.

 

  1. Cross-Site Scripting: This vulnerability occurs when untrusted data is included in a web page without validation. It injects malicious code into the web application and executes it on the client-side. It helps attackers execute scripts in a user’s browser to hijack user sessions, redirect the user to malicious sites or deface websites.

 

  1. Insecure Deserialization: Often resulting in remote code execution, deserialization flaws allow cybercriminals to perform a variety of attacks including injection attacks, privilege escalation attacks and replay attacks.

 

  1. Use of Components with Known Vulnerabilities: Various components such as frameworks and libraries run with the same privileges as the web application. Even if a single vulnerable component is attacked, it can cause server takeover and serious data loss. For this reason, a web application that uses components with known vulnerabilities can seriously compromise its defences, leaving it open to attack.

 

  1. Insufficient Monitoring and Logging: Insufficient logging and monitoring along with ineffective or missing integration of incident response can cause another major vulnerability. It can help attackers further attack systems, tamper, destroy or extract data and maintain persistence, pivot to more systems. According to security studies, it often takes more than 200 days to detect a breach. And it is usually detected by an external party instead of internal monitoring or processes.

 

How to Prevent Web Application Vulnerabilities?

How to prevent top 7 Web Application Vulnerabilities?

Organizations that do not properly secure their web applications are more susceptible to malicious attacks, resulting in information theft, revoked licenses, damaged client relationships and legal proceedings. There are several measures that you can take for securing your web applications:

  1. Web application firewalls (WAFs): WAFs are hardware and software solutions designed to examine and monitor incoming traffic for blocking any attack attempts. They offer the best way of compensating for any code sanitization deficiencies.

 

  1. Information gathering: Classify third-party hosted content and review the application manually to identify client-side codes and entry points.

 

  1. Authorization: Test your application thoroughly for path traversals, missing authorization, insecure, direct object references and horizontal and vertical access control issues.

 

  1. Cryptography: Secure all data transmissions, encrypt specific data, check for randomness errors and avoid using weak algorithms.

 

  1. Denial of service: Test for anti-automation, HTTP protocol DoS, account lockout and SQL wildcard DoS for improving your application’s resilience against denial of service threats. Use a combination of scalable resources and filtering solutions for protection against high-volume DDoS and DoS attacks.

Apart from the above measures, running a periodic Vulnerability Assessment and Penetration Testing is essential too. VAPT looks for possible and common vulnerabilities related to the platform, technology framework APIs, etc., and runs exploits on the web application to evaluate its security loopholes. It provides the organizations with reports on discovered vulnerabilities, the nature of the vulnerability, threat level, its impact and measures to eliminate it.

 

error: Content is protected !!