Remote Code Execution: Threats and Protection
As seems to be the standard every year in cyber security, 2021 ended with quite the clamor. To give you some background and to help you better prepare for future threats, let’s talk about Remote Code Execution (RCE) vulnerabilities.
What is Remote Code Execution (RCE) and what are its risks?
Remote code execution (RCE) attacks allow an attacker to remotely execute malicious code on a computer.
These vulnerabilities are particularly nasty bugs that can allow a hacker to fully compromise a system or network, resulting in complete loss of data or system downtime. RCEs enable bad actors to run any programs and scripts they want from anywhere in the world. This means that an attacker can leverage the internet to cause mayhem within your environment: steal data, install ransomware, launch a denial-of-service attack, or carry out a whole host of other terrible tactics.
Log4j: a perfect 10 disaster
You may have heard about the “Log4j” vulnerability, a particularly vicious RCE in the Apache Log4j logging library that also fully emphasizes why patching is important. The cyber security world was put on high alert as this vulnerability affected what seemed like every application or service provider in existence. If the vulnerability is not patched, exploitation is trivially easy, and it allows remote code execution leading to full system takeover. The Common Vulnerability Scoring System (CVSS), originally developed by the National Infrastructure Advisory Council (NIAC), ranks vulnerabilities on a scale from 0 to 10, with ten being the most severe. This particular vulnerability received a ten, a score given to only roughly .002 of all CVSS-scored vulnerabilities.
Why security patches are critical
Patching is perhaps the single best “bang for the buck” method of preventing security incidents. In fact, it is estimated that upwards of 80% of attacks attempted by Advanced Persistent Threat (APT) groups are thwarted by systems being up-to-date on security patches.
The unfortunate reality is that there could be many yet-to-be-detected security issues lurking in the apps we use each day, known as zero-days. These are undiscovered, latent bugs in the system just waiting for a hacker to come along and find them. Developers work quickly to respond to these vulnerabilities once either an attack occurs or a security researcher finds and reports the bug in the software.
Applying patches quickly is always recommended, because as soon as a vulnerability is disclosed, hackers prowl the internet looking for exposed, vulnerable systems, knowing that many organizations lag in deploying the latest fix.
There’s more to RCE threats than Log4j
Something even more heartburn-inducing is that not all vulnerabilities get the kind of press that Log4j received. In fact, on the second Tuesday of every month, you can see hundreds and hundreds of issues being fixed by the likes of Adobe, Google, Microsoft, etc. This day is widely referred to as “Patch Tuesday,” and the best practice is to implement those patches immediately, as the vendors’ advisories usually report that hackers are already exploiting the vulnerabilities.
Vulnerability scanners and assessments
It’s one thing to know about vulnerabilities and the patches released for them; it is another thing entirely to know whether you are exposed to them or have successfully patched them. This is where vulnerability scanners and vulnerability assessments enter the scene. These automated tools periodically scan your systems looking for known vulnerabilities. Security analysts can then review the results and advise you on which systems need attention. Vulnerability assessments can be the first line of defense in your arsenal for keeping your company secure.
Wondering about your cybersecurity health?
When it comes to cyber security, you may want to know where you stand now to better navigate your future risks and protect your company from the increasing number of threats. To learn more, take our no cost/no obligation Cybersecurity Health Check, a $3,500 value.
Jacob is a cybersecurity professional with experience in digital forensics, risk management, network security, incident response and compliance. He has been working in information technology roles since 2014, and has held cybersecurity roles since 2017.