At least if you get patching
The start of autumn is always a quiet time for us cyber bloggers. Presumably having taken time off over the summer to rest and recuperate on their islands with flip-top volcano lairs, or on yachts with a submarine, a plane and another boat inside them, we think that this must be planning time in bad guy world.
However, the wheels of industry and the hive of activity that are the beleaguered security and development departments of software companies never sleep and strive tirelessly to patch issues as expeditiously and effectively as possible.
As you will all know, most of the big players release patches on the second Tuesday of every month (sometimes the fourth Tuesday), nattily called Patch Tuesday. This trend was started by Microsoft way back in 2003, when computers were called looms and powered by steam. The days when the instructions were chiselled on stone tablets, or certainly near that time.
Fun fact – Microsoft traditionally puts out bigger patches on even-numbered months, like, errr October.
This week, Microsoft released a humdinger of a patch release. Well, at least if you get excited by really serious issues which could result in your environment being owned by recently returned, suntanned cyber criminals. Not only that, but Apple has also released some patches for iPhones and iPads that fix bugs that can be used to install malware or steal data.
Microsoft's release includes 3 ‘Critical’ weaknesses that could enable our orange-tanned associates to completely take control of your systems with no outside help. Perhaps more worrying, the fixes also include multiple issues designated ‘Important’, which we have always considered to be just as serious as those labelled Critical. Especially if they are under active attack, which some of them are.
CVE-2021-40449 is an ‘elevation of privilege’ bug which is being actively used, as is CVE-2021-36970, which is a further fix to the Windows Print Spooler bug named ‘PrintNightmare’ that has had us worried for some time.
The best ways that you can protect yourself against these and future exploitable and exploited bugs are:
- Understand your estate, your crown jewels, your Internet facing Infrastructure and what condition it is in.
- Stay on top of, or have your outsource partner stay on top of, patch announcements.
- Of course, make sure your estate is backed up and that you have off-line copies of those backups before deploying patches. We all do that now, don’t we people?
- Prioritise patching if you can’t deal with the whole estate at once. We would advise waiting a little while to see if the patches break stuff. Perhaps use a resource such as askwoody.com which has a myriad of useful information for Windows users, including dodgy patches that may break your stuff.
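As an added illustration (not code from the original post, nor from Tiberium or its MYTHIC service), here is a small PowerShell triage script for the first two points above. It asks each host which hotfixes it has installed since the Patch Tuesday date and whether the Print Spooler service (the component behind the PrintNightmare fixes mentioned above) is running, so that unpatched hosts with the spooler exposed sort to the top of your list. It assumes PowerShell Remoting (WinRM) is enabled and that you hold admin rights on the targets; the host names and the 12 October 2021 release date are assumed values you would replace with your own.

```powershell
# Added example for "understand your estate" / "prioritise patching".
# Assumptions: WinRM enabled, admin rights on each host, Windows PowerShell 5.1 or PowerShell 7.
param(
    # Assumed host names; replace with your own inventory (crown jewels and Internet-facing first).
    [string[]]$ComputerName = @('dc01', 'web01', 'print01'),
    # Second Tuesday of October 2021 (assumed release you are chasing; adjust as needed).
    [datetime]$PatchReleaseDate = (Get-Date '2021-10-12')
)

# Runs on each remote host: collect installed hotfixes and the Print Spooler state.
$probe = {
    param([datetime]$Since)
    $hotfixes = Get-HotFix
    $recent   = $hotfixes | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since }
    $latest   = $hotfixes | Where-Object { $_.InstalledOn } |
                Sort-Object InstalledOn -Descending | Select-Object -First 1
    $spooler  = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PatchedSinceRelease = [bool]$recent
        LatestHotfix        = $latest.HotFixID
        LatestHotfixDate    = $latest.InstalledOn
        SpoolerRunning      = ($spooler -and $spooler.Status -eq 'Running')
    }
}

$results = foreach ($c in $ComputerName) {
    try {
        $r = Invoke-Command -ComputerName $c -ScriptBlock $probe -ArgumentList $PatchReleaseDate -ErrorAction Stop
        [pscustomobject]@{
            Computer            = $c
            Reachable           = $true
            PatchedSinceRelease = $r.PatchedSinceRelease
            LatestHotfix        = $r.LatestHotfix
            LatestHotfixDate    = $r.LatestHotfixDate
            SpoolerRunning      = $r.SpoolerRunning
        }
    } catch {
        # Unreachable hosts are themselves a finding: you cannot patch what you cannot see.
        [pscustomobject]@{
            Computer            = $c
            Reachable           = $false
            PatchedSinceRelease = $false
            LatestHotfix        = $null
            LatestHotfixDate    = $null
            SpoolerRunning      = $null
        }
    }
}

# Worst first: unpatched hosts with the spooler running, then unpatched, then the rest.
$results |
    Sort-Object @{ Expression = 'PatchedSinceRelease'; Ascending = $true },
                @{ Expression = 'SpoolerRunning';      Descending = $true },
                Computer |
    Format-Table -AutoSize
```

Note that `Get-HotFix` only reports updates that register as hotfixes; for a fuller picture of pending updates you would cross-check with your patch management tooling, and a host showing `SpoolerRunning = True` with no print role is a candidate for turning the service off as well as patching it.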
And as for security monitoring and management:
- Make sure that your security monitoring and management platform is up to date with the latest security analytics.
- Make sure that your security management solution can take automated remedial action as soon as a viable threat is seen. This should include quarantining, shunning (disconnecting), automatically investigating or reducing access for machines on your estate.
- Have a working, two-way engagement with your security partner. Trust is very important.
- We repeat – make sure that remediation is automated – attacks are automated. If your response is not, you may well be dead in the water before the SOC emails you or (in the event of your mail being down), calls you.
- Have your systems configured to best practice, making best use of the licensed features that you have already purchased. Many are surprised by the functionality of the product set they already have and often, in our opinion, rush to buy point solutions rather than execute a strategy.
Now, just as it happens, Tiberium ticks all of the security boxes above. Our tooling includes automated remediation, and our onboarding configures your estate to best practice and is completed in days, not months. Also, our people are the very best. If you are a customer of our MYTHIC service, we will engage with you regularly to hunt for threats and, if necessary, assist with issue remediation.
We would very much like the opportunity to meet you and show you our work and services. Please contact us. We would be happy to meet online or In Real Life (we prefer that).
Everything is gonna be alright is by the brilliant Beverley Knight, produced by (no relation) Mark Knight and includes The London Community Gospel Choir. It makes us smile all the way around the block. Give it a listen and have a grin.