InfoGuard AG (Headquarter)
Lindenstrasse 10
6340 Baar
Switzerland
InfoGuard AG
Stauffacherstrasse 141
3014 Bern
Switzerland
InfoGuard Deutschland GmbH
Landsberger Straße 302
80687 Munich
Germany
In order to cope with the constantly changing threat landscape, nowadays, having to permanently check for vulnerabilities and optimise your own IT infrastructure is part of every company’s compulsory programme. These days a permanent external scan carried out by experts – also called “external vulnerability management” (eVUMA) – is more important than ever. In this article, you can read a field report from our InfoGuard CSIRT that highlights the urgency of the issue, as well as good reasons why professional eVUMA is beneficial.
It cannot be overstated that the threat landscape is subject to constant change, although this is nothing new. Our InfoGuard Computer Security Incident Response Team (CSIRT) has been noticing for some time that attackers are increasingly striking via vulnerabilities that are exposed to the Internet. For example, in 2021 over 50% of the damage caused by cyber-attacks that our CSIRT dealt with originated from an exposed vulnerability. In some successful attacks, the vulnerability that was exploited occurred years earlier. Our experts are predicting that this situation will continue to worsen.
Back in March 2021, immediately after the vulnerability became public, we published an article on Microsoft Exchange vulnerabilities. To summarise, on 2 March 2021, Microsoft reported a serious vulnerability. Of course, immediately after it was published, attackers were scouring the internet for vulnerable Exchange systems; or to put it more bluntly, the attackers swooped down like vultures on vulnerabilities that were easily compromised from the outside.
In five incidents it investigated, our CSIRT was able to ascertain that attackers gained access to the exposed Exchange in under 24 hours after the vulnerability was published. This year, we have already received reports of damage caused by the Exchange vulnerabilities. In addition, the NCSC (National Cyber Security Centre) recently reported that many Exchange systems in Switzerland still remain unpatched.The Exchange vulnerability is often mentioned in this context, but it is only one example of many other exposed vulnerabilities that are being created every day, and which often remain undetected.
A critical vulnerability exposed to the Internet can undoubtedly lead to a ransomware attack. It is negligence to fail to patch these immediately. This is because specialised attacker groups are constantly scanning the Internet to locate places of entry and break in, as it were.
The bottom line is fairly obvious: protect your exposed IT systems and identify potential vulnerabilities – and do it before the attackers do, so that a successful cyber-attack does not happen. How? With our “External Vulnerability Management” (eVUMA) Service.
The external Vulnerability Management (eVUMA) service enables you to see your company from the attackers’ perspective. Our security experts scan your perimeter infrastructure daily from our ISO/IEC 27001-certified Cyber Defence Center (CDC) in Baar. As part of this service, we take full responsibility for the initial stages of the vulnerability management process, from daily scanning to reporting. As soon as a critical vulnerability that is exposed to the Internet appears, we handle the risk assessment of the vulnerability for you and contact you on a proactive basis. If needed, our experts will then be available to advise you in order for you to be able to remedy the vulnerability quickly and effectively.
The benefit to you is that when new high or critical vulnerabilities emerge in your exposed infrastructure, the response and information time is greatly reduced. This allows the system managers or CISOs to react to the threat as quickly as possible without having to monitor the external infrastructure 24/7 by themselves.
Interested? Contact us now for personalised advice.