Cambodia Cyber Attack – National Police Website
August 4th, 2017
The recent hack of the Cambodian National Police website highlights the importance of regular vulnerability scanning and patching. Reports from Verizon and Gartner have, for the past few years, indicated that around 95% of successful attacks are the result of well-known and entirely preventable vulnerabilities – this attack is no different.
The attack appears to have been carried out by an automated tool which exploited a known vulnerability in the WordPress blogging platform. Keeping WordPress updated to the latest version would have prevented the ‘drive-by’ attack. However, keeping WordPress updated can be challenging, and it’s hard to know which updates address vulnerabilities and which simply fix or enhance internal features.
Wading through the relative tsunami of data that can result from even small IT environments is a massive task; the volume of data about larger environments can be truly overwhelming. Tools like BeyondTrust’s Retina CS Enterprise Vulnerability Management solution help by allowing you to identify and target the most important vulnerabilities first.
The most important vulnerabilities are not those with the highest CVSS (Common Vulnerability Scoring System) score; they are the known vulnerabilities that exploit software and tools use to gain easy access to your systems. These are the vulnerabilities used by automated tools like the one that damaged the National Police website.
Having the easily exploitable vulnerabilities identified, along with any patching, updating or configuration remediation data, allows you to quickly locate and fix the biggest risks in your environment. When you regularly scan your environment using tools like this, automated hacking tools and exploit toolkits become useless against you – you become a much harder target and the majority of hackers are going to move on. Why put in the effort to breach your system when the very next IP address might offer easy access?
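The prioritisation described above, sketched as an added example that is not part of the original post or of any BeyondTrust product: findings are grouped by remediation action, and fixes that close vulnerabilities with a known exploit are ranked ahead of higher-CVSS findings without one. The field names, hosts, IDs, scores and fixes are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample findings; hosts, IDs, scores and fixes are illustrative only.
FINDINGS = [
    {"host": "192.0.2.5", "id": "VULN-A", "cvss": 9.8, "exploit_known": False,
     "fix": "Apply database server patch"},
    {"host": "192.0.2.7", "id": "VULN-B", "cvss": 7.5, "exploit_known": True,
     "fix": "Update WordPress to latest version"},
    {"host": "192.0.2.8", "id": "VULN-B", "cvss": 7.5, "exploit_known": True,
     "fix": "Update WordPress to latest version"},
    {"host": "192.0.2.7", "id": "VULN-C", "cvss": 5.3, "exploit_known": True,
     "fix": "Disable directory listing"},
    {"host": "192.0.2.9", "id": "VULN-D", "cvss": 8.1, "exploit_known": False,
     "fix": "Upgrade mail server package"},
]


def remediation_queue(findings):
    """Group findings by fix; rank exploit-known groups first, then by CVSS."""
    groups = defaultdict(lambda: {"hosts": set(), "ids": set(),
                                  "max_cvss": 0.0, "exploit_known": False})
    for f in findings:
        if not 0.0 <= f["cvss"] <= 10.0:
            raise ValueError(f"CVSS out of range for {f['id']}: {f['cvss']}")
        g = groups[f["fix"]]
        g["hosts"].add(f["host"])
        g["ids"].add(f["id"])
        g["max_cvss"] = max(g["max_cvss"], f["cvss"])
        # One exploitable finding is enough to escalate the whole fix.
        g["exploit_known"] = g["exploit_known"] or f["exploit_known"]
    ranked = sorted(groups.items(),
                    key=lambda kv: (not kv[1]["exploit_known"],
                                    -kv[1]["max_cvss"], -len(kv[1]["hosts"]), kv[0]))
    return [{"fix": fix, "hosts": sorted(g["hosts"]), "ids": sorted(g["ids"]),
             "max_cvss": g["max_cvss"], "exploit_known": g["exploit_known"]}
            for fix, g in ranked]


if __name__ == "__main__":
    for rank, item in enumerate(remediation_queue(FINDINGS), start=1):
        flag = "EXPLOIT KNOWN" if item["exploit_known"] else "no known exploit"
        print(f"{rank}. {item['fix']} [{flag}, max CVSS {item['max_cvss']}] "
              f"hosts: {', '.join(item['hosts'])}")
```

In this sample the WordPress update ranks first even though its CVSS score of 7.5 is lower than the 9.8 finding, because it is the fix that removes an exploitable entry point on two hosts.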
Vulnerability management with regular scanning (at least weekly) is the first stage in securing your environment. Once you have closed the easy access points, you then focus on limiting the impact of an intrusion through privileged access management. BeyondTrust is the only company that develops the tooling to cover vulnerability management and privileged access management in a single platform with unified management, reporting and behaviour analysis.