November Webinar Recap, A Look at 2021 Forrester Predictions
In case you missed the webinar in November, we’ve included some key takeaways below. For the complete webinar, you can stream it here now.
In November, we co-hosted a webinar about 2021 Cybersecurity Predictions with Joseph Blankenship, VP, Research Director Serving Security & Risk Professionals at Forrester, and Derek Abdine, CTO at Censys. The webinar covered:
- How and why attack surfaces are increasing in size
- How CISOs and their organizations are dealing with explosive growth and challenges they face with managing their assets (in the cloud, IoT, and their remote workforce)
- Attack surface exposures, looking at unique AWS hosts over time since COVID-19
2021 Predictions and Recommendations from Forrester
Joseph Blankenship, VP, Research Director Serving Security & Risk Professionals at Forrester, made 5 predictions for 2021, and we’ve included 3 mentioned in the webinar here.
- Retail and Manufacturing: These industries will have more breaches due to direct-to-consumer shift.
- Data Breaches: 33% of data breaches will be caused by insider incidents, up from 25% today.
- Auditing: Audit findings and budget pressure will lead to uptake of risk quantification tech.
Recommendations from Forrester:
- Prioritize product security: Know what systems and applications are Internet facing and potentially vulnerable, especially in the cloud.
- Get Compliant: Have a systematic and repeatable process to identify what assets you have, potential vulnerabilities of those assets, risk back to the business, and how to resolve risk with the right team members.
- Understand what we can quantify and plan to reduce risk: Have a risk reduction strategy for your organization.
For more details on 2021 predictions, stream the webinar at your convenience here.
A Look at Attack Surface Exposures in 2020
After discussing the cybersecurity predictions of 2021 more broadly, we decided to dive deeper with Derek Abdine, the CTO at Censys, to discuss how Attack Surface Management can play a role in reducing breaches and cyberattacks by securing your Internet-facing assets. Abdine walks us through several concrete examples of why it’s important to prioritize cloud security, looking at unique AWS IPs on the Internet in 2020. He ran queries on our Enterprise dataset to identify trends over time of unique AWS IPs that had visible RDP, SSH, and SMB ports. Below is the SMB example, but more examples can be found in the webinar.
What is SMB?
SMB, or Server Message Block protocol, is used for internal network file sharing. Microsoft’s documentation states this protocol “allows applications on a computer to read and write to files and to request services from server programs in a computer network”. The protocol was previously known as CIFS.
What security concerns are associated with SMB exposure?
Because SMB is a file sharing mechanism, there is no reason for it to be on the Internet, and it has a history of critical vulnerabilities, such as MS06-040 (server service, accessible via SMB through named pipes), MS08-067, and MS17-010. The protocol has been known for its “wormability”, from Conficker to WannaCry, NotPetya and others. Vulnerable versions of SMB have enabled some of the most destructive ransomware and Trojan malware attacks across the world. Malwarebytes Labs published research in 2018 citing examples of vulnerable SMB versions being actively exploited by Trojans such as Emotet and Trickbot.
What can I do about it?
CISA provided some good guidance on SMB best practices in 2017. The US CERT recommends the following when it comes to SMB: “1) disabling SMBv1; and 2) blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices”.
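To check the boundary-blocking recommendation against AWS hosts, the sketch below (an added example, not code from the webinar or from Censys) scans security group ingress rules for the ports US-CERT names that are reachable from any Internet address. It assumes the rules were exported with `aws ec2 describe-security-groups`; the function names and sample group IDs are made up for illustration.

```python
import ipaddress

# Ports from the US-CERT guidance quoted above: TCP 445, TCP 139, UDP 137-138.
SMB_PORTS = {"tcp": [(445, 445), (139, 139)], "udp": [(137, 138)]}
PROTO_NAMES = {"6": "tcp", "17": "udp"}  # rules may carry IANA protocol numbers

def is_internet_wide(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. any source address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposed_smb_rules(security_groups):
    """Return (group_id, protocol, (low, high), cidr) for each ingress rule that
    lets an Internet-wide source reach an SMB-related port."""
    findings = []
    for group in security_groups:
        for perm in group.get("IpPermissions", []):
            proto = PROTO_NAMES.get(perm["IpProtocol"], perm["IpProtocol"])
            if proto == "-1":  # "-1" means all protocols and all ports
                lo, hi = 0, 65535
            else:
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if is_internet_wide(c)]
            for smb_proto, ranges in SMB_PORTS.items():
                if proto not in (smb_proto, "-1"):
                    continue
                for p_lo, p_hi in ranges:
                    if lo <= p_hi and p_lo <= hi:  # rule range overlaps SMB range
                        findings += [(group["GroupId"], smb_proto, (p_lo, p_hi), c)
                                     for c in open_cidrs]
    return findings

# Constructed sample data (not real groups), shaped like the "SecurityGroups"
# list in the JSON output of `aws ec2 describe-security-groups`.
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-fileserver", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-wide", "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 100, "ToPort": 200,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-example-internal", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]

if __name__ == "__main__":
    for finding in exposed_smb_rules(SAMPLE_GROUPS):
        print(finding)
```

The check only flags sources of `0.0.0.0/0` and `::/0`; rules that admit SMB from a narrower but still external range need a separate review against your own address plan.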
- Microsoft Documentation on SMB: https://docs.microsoft.com/en-us/windows-server/storage/file-server/file-server-smb-overview#:~:text=The%20Server%20Message%20Block%20
- Malwarebytes Labs on Threat Actors Using SMB Vulnerabilities: https://blog.malwarebytes.com/101/2018/12/how-threat-actors-are-using-smb-vulnerabilities
- CISA SMB Security Best Practices: https://us-cert.cisa.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices