November 18, 2020 by Tim
Obviously, 2020 will go down in history as the year the COVID-19 pandemic rocked the world. But it’s also been a particularly tough year for cybersecurity. Many historic cybersecurity vulnerabilities have been discovered this year, including some of the worst security holes ever found in the Microsoft Windows operating system. Furthermore, with many people now working from home due to COVID, cyber-criminals have found many new easy targets. In fact, the FBI reported that there has been a 300% increase in cyber-crime since the pandemic began.
As 2020 comes to a close, let’s take a look back at what’s happened so far.
SMBGhost is the codename for a vulnerability discovered in Microsoft Windows 10 and Windows Server in early 2020. SMBGhost affects SMB, the protocol used for Windows file sharing, and was rated as critical because an attacker could exploit the bug without knowing a username or password for the target computers.
An attacker could leverage SMBGhost from within a network he or she had already entered, or even exploit the bug from the outside by tricking computers into connecting to a malicious server on the Internet.
As with most vulnerabilities, Microsoft released a patch for SMBGhost right away, but millions of computers and servers that haven’t been updated are still vulnerable.
The Ripple20 bugs do not affect Microsoft Windows. Instead, they affect the Treck IP stack, a piece of software embedded in devices like printers, industrial machines, medical equipment, smart-home gadgets such as programmable thermostats, and many more. An attacker could use the Ripple20 bugs to infiltrate a network from the outside, or move laterally within a network that’s already been compromised.
Ripple20 got its name from what’s called the supply-chain ripple effect. Many third-party developers licensed the Treck IP stack to use in their software, which they in turn sold to different gadget manufacturers to use in their products. Due to the ripple effect, it’s impossible to know just how many devices are affected by Ripple20.
Unlike the Windows bugs, Ripple20 can’t be fixed by a single vendor like Microsoft releasing one patch, because it affects devices from countless different manufacturers. Furthermore, some manufacturers may have gone out of business or no longer support the affected devices. Some devices could also be designed in such a way that their internal software can’t be updated at all.
The best mitigation for Ripple20 is to carefully wall off any networked gadgets on their own isolated network, separate from any computers. Contact Green Mountain IT Solutions for assistance segmenting your network.
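As an added illustration of the segmentation described above (this is example configuration written for this page, not something from the original post or from Green Mountain IT Solutions), here is an nftables forwarding ruleset for a small router. It assumes three interfaces that are not mentioned in the post: eth0 is the Internet uplink, eth1 is the workstation LAN (192.0.2.0/24), and eth2 is a separate VLAN holding printers, thermostats and other gadgets (198.51.100.0/24). The addresses are documentation ranges chosen for the example.

```nftables
#!/usr/sbin/nft -f
# Added example ruleset: keep networked gadgets on their own VLAN.
# Assumed layout (not from the post):
#   eth0 = Internet uplink
#   eth1 = workstation LAN, 192.0.2.0/24
#   eth2 = isolated gadget/IoT VLAN, 198.51.100.0/24

flush ruleset

table inet segmentation {
    chain forward {
        # Default-deny: only traffic matched by a rule below is forwarded.
        type filter hook forward priority 0; policy drop;

        # Replies belonging to connections that were allowed below may flow back.
        ct state established,related accept
        ct state invalid drop

        # Workstations may open connections to the gadgets (printing, managing a thermostat).
        iifname "eth1" oifname "eth2" accept

        # Workstations keep normal Internet access.
        iifname "eth1" oifname "eth0" accept

        # Gadgets may reach the Internet (firmware updates, cloud services) but
        # never open connections into the workstation LAN. Remove this rule for
        # devices that have no reason to talk to the Internet at all.
        iifname "eth2" oifname "eth0" accept

        # Anything else leaving the gadget VLAN, including attempts to reach
        # 192.0.2.0/24, is counted and logged before the drop policy applies,
        # so a compromised device trying to move laterally shows up in the logs.
        iifname "eth2" counter log prefix "iot-blocked: " drop
    }
}
```

Load it with `nft -f <file>` and confirm the result with `nft list ruleset`. The design choice that matters is the direction of trust: workstations may initiate connections to the gadget VLAN, but a gadget can only answer, so a printer or thermostat that is compromised through a bug like Ripple20 has no path to the computers. Watching the `iot-blocked:` log entries is a cheap way to notice a device that suddenly starts probing the rest of the network.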
In June, I wrote a complete post on Ripple20, which you can find here.
SigRed is another critical Windows security bug, this time affecting the Windows DNS server. DNS (Domain Name System) is what translates the domain names people use, like google.com, into the IP addresses computers use to communicate, like 192.0.2.100. You can think of DNS as an address book for computers.
SigRed is considered especially bad for a few reasons: First, the bug affects all Windows Server versions from 2003 to 2019, meaning it went undiscovered for 17 years! Second, since almost all computers need to use DNS, SigRed has a wide impact. Lastly, SigRed can be exploited very easily, and it does not require the attacker to know a username and password. While SigRed affects Windows servers, not normal workstation PCs, regular PCs can be used to launch a SigRed attack against a server on the same network.
Once again, Microsoft did release a patch for SigRed, but many will surely fail to install it and remain vulnerable.
I also wrote a full post on SigRed, which you can read here.
In August, yet another Windows vulnerability was announced. The critical ZeroLogon Windows vulnerability may have been the worst bug of the year.
ZeroLogon allows attackers to take control of a Windows Domain Controller, the server many businesses use to manage employee logon accounts. ZeroLogon is considered one of the worst Windows exploits ever discovered. All an attacker needs to exploit ZeroLogon is access to the network, gained for example by cracking a weak Wi-Fi password or tricking a user into clicking the wrong link. Once the attacker has network access, they can take over the network in seconds by exploiting the ZeroLogon bug. ZeroLogon was fixed by a Windows update released in August 2020, but organizations that haven’t been patching their systems promptly have already been exploited.
How about a little local news for Vermonters? On October 28, 2020, the University of Vermont Medical Center began experiencing a cyber-attack affecting almost all of the hospital’s IT systems. While we’re still awaiting confirmation, it’s believed the attack may have been an instance of ransomware, a type of malware that encrypts files and demands a ransom payment to restore access. Prior to the attack at UVM, several other hospitals across the country also experienced ransomware events.
After weeks of work, IT workers at Vermont’s largest hospital still hadn’t fully restored the affected systems. Hospital staff have had to fall back on paper records to continue operations. Vermont Governor Phil Scott even called in the state’s National Guard to assist the hospital’s IT team in their restoration efforts.
While many details remain unknown, it’s possible the attackers leveraged one of the vulnerabilities listed above to gain access to the UVM network.
I’ve written a couple blog posts on the UVM attacks, which you can read here and here.
Due to COVID-19, more people than ever before are working from home. This creates a big cybersecurity risk. Home networks just aren’t as secure as business networks, and the sheer number of new work-from-home setups means there’s that many more targets out there for cyber-criminals. Furthermore, because IT departments had to rush to deploy remote work systems when COVID struck, there is a concern that many of these systems weren’t properly secured.
All this makes the new world of COVID a hacker’s paradise. Even if your company isn’t working from home, cyber-criminals are working overtime to develop attacks that could affect traditional offices just as much as the remote workers.
Considering these developments, some experts are predicting that 2020 will go down as the worst year on record for cybersecurity. And remember: the year isn’t over yet! Hopefully, the worst is behind us, but we can’t be too careful.
Update December 2020: I spoke way too soon. Things got much, much, much worse for cybersecurity before 2020 came to a close. Read about the end-of-year cyber-disasters here.
Concerned about the security of your network? Green Mountain IT Solutions offers a FREE, no-obligation cybersecurity assessment. Contact us today to book your free consultation.