Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Cybersecurity Snapshot: 6 Things That Matter Right Now

Cybersecurity news analysis: IoT, VM, asset inventory, malware, APT

Topics that are top of mind for the week ending Oct. 7 | CISA puts spotlight on asset inventory and vulnerability management | Think tank does deep dive on IoT security | What’s the current state of cybersecurity? Not great | New malware cracks monthly top 10 list | And much more!

1 – CISA: Asset inventory and VM are fundamental practices

As Cybersecurity Awareness Month kicks off, here’s a fresh reminder from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) that visibility into all of your IT and operational technology (OT) assets and their vulnerabilities is critical for reducing cyber risk.

In a “binding operational directive” issued this week, CISA stresses the importance of having an updated, comprehensive inventory of IT and OT assets and of continuously detecting their vulnerabilities.

The document’s requirements include that by April 3, 2023 civilian executive-branch agencies of the federal government be able to:

  • Perform automated discovery of IP-addressable networked assets that are on-prem, remote and in the cloud every seven days.
    • This includes OT and metadata around scan maturity, scan frequency and scan depth.
  • Trigger vulnerability detection across all discovered assets every 14 days.
  • Ingest detected vulnerabilities into CISA’s Continuous Diagnostics and Mitigation (CDM) dashboard within 72 hours of discovery.
  • Search for inventoried assets and detected vulnerabilities within 72 hours of receiving a CISA request and deliver the results within seven days. 

Further analysis and commentary about the CISA directive from FCW, Forrester, The Record and Federal News Network

More resources about Cybersecurity Awareness Month from CISA, the National Cybersecurity Alliance, the Center for Internet Security and the National Institute of Standards and Technology.

For more information about asset inventory and vulnerability management, check out these Tenable resources:

2 – A framework for securing the IoT ecosystem

The Internet of Things (IoT) ecosystem – devices, services, networks – keeps growing, along with complex cybersecurity issues that accompany it. 

In a new report, the Atlantic Council think tank outlines key technology and policy issues that complicate IoT security, using the U.S., the U.K., Australia and Singapore as case studies, and zooming in on three industries: smart homes; networking and telecommunications; and consumer healthcare.

The report also recommends specific steps that governments can take to help make IoT products more secure, including:

  • Mandate that IoT manufacturers operating in their markets meet a baseline of minimally acceptable security requirements for their products.
  • Pressure domestic suppliers and retailers to demand from manufacturers that they make their IoT products more secure.
  • Create advanced security requirements for IoT products, and encourage manufacturers to adopt them.

Overview of Actors and Actions to Improve IoT Security

A framework for securing the IoT ecosystem

(Source: Atlantic Council’s “Security in the billions: Toward a multinational strategy to better secure the IoT ecosystem,” Sept. 2022)

For more information about IoT security:

3 – U.S. government details hack of defense organization

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) released an eye-opening joint advisory this week, outlining a months-long advanced persistent threat (APT) attack against an unnamed “defense industrial base organization.”

According to the advisory, it’s likely that multiple APT groups were involved and that they used an open-source toolkit called Impacket to breach the victim’s enterprise network and an exfiltration tool called CovalentStealer to swipe sensitive data. The attackers also exploited a Microsoft Exchange vulnerability to access company email accounts.

The agencies want defense industrial organizations and critical infrastructure providers to read the advisory to understand how the hack was carried out and how they could defend themselves against similar attacks.

Here’s a quick glance at some mitigation recommendations:

  • Segment networks based on role and functionality
  • Manage vulnerabilities and misconfigurations
  • Search for anomalous behavior
  • Restrict and secure use of remote admin tools
  • Implement a mandatory access control model
  • Audit account usage

More coverage and analysis about this advisory from The Hacker News, MeriTalk, The Record and Infosecurity Magazine.

4 – A temperature check on tool sprawl

There’s a trend among CISOs wanting to consolidate their cybersecurity product stacks and shrink their roster of vendors, in an attempt to rein in tool sprawl. It’s a pain point for cyber teams, as they move away from siloed point tools and seek integrated products that interoperate and share data, and that ultimately make it easier to get actionable insights for reducing cyber risk. At a recent Tenable webinar, we took the opportunity to poll participants about the size of their tool stacks. Here’s what we found.

Tool sprawl hobbles cybersecurity operations and raises breach risk.

(99 respondents polled by Tenable in Sept. 2022)

For more information about this topic:

5 – The state of cybersecurity? Not good enough

Here’s a bumper crop of insights into how security teams are tackling – with varying degrees of success – the challenges of a growing and complex attack surface: The wide-ranging “2022 State of Cybersecurity” report from the non-profit Computing Technology Industry Association (CompTIA.)

“Digital transformation driven by cloud and mobile adoption is forcing a new strategic approach to cybersecurity, but fully adopting this new approach poses significant challenges, both tactically and financially,” reads the report.

As a result, the report, which polled more than 1,200 business and IT pros involved in cybersecurity in the U.S., Canada, Europe, Oceania and Southeast Asia, concludes that cybersecurity remains “a problematic area” which is making “relatively slow progress.”

Meanwhile, four key trends are impacting cybersecurity teams, including: 

  • The further merging of cybersecurity and business operations
  • An emphasis on zero trust to trigger improvements
  • A focus on staff specialization 
  • A boost in tools’ automated capabilities

When asked to list their organization's main changes in cybersecurity approach this year, the 500 U.S. respondents listed these top five:

  • Higher priority on incident response (cited by 43%)
  • More diverse set of technology tools (39%)
  • Greater focus on process improvement (38%)
  • Shift to proactive measures (37%)
  • Greater focus on employee education (36%)

As they deal with the most common types of incidents – malware-infected devices and infrastructure, lost or stolen devices, unauthorized backend access and ransomware attacks – U.S. respondents react in various ways, as illustrated by the charts below.

CompTIA says cybersecurity remains “a problematic area” making “relatively slow progress.”

CompTIA rates cybersecurity's state as weak and making “slow progress.”
(Source: CompTIA's “2022 State of Cybersecurity” report, Sept. 2022)

For more information:

6 – CIS: New strains show up in August’s top malware list

The Center for Internet Security recently released its list of the top malware for August, noting that the lineup features notable changes compared with the previous month.

Namely, LingyunNET, RecordBreaker and TeamSpy made their debut on the monthly list, and SocGholish and Tinba returned to it.

Here’s the full list:

  • SocGholish, a remote access trojan (RAT) and a banking trojan that uses fake Flash updates
  • ZeuS, a modular banking trojan that uses keystroke logging
  • CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI) and EternalBlue
  • TeamSpy, spyware that uses remote access tool TeamViewer and malware to steal information
  • NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
  • LingyunNet, riskware that uses victims’ system resources
  • Agent Tesla, a RAT that captures credentials, keystrokes and screenshots
  • Gh0st, a RAT for creating backdoors to control endpoints
  • RecordBreaker, an information stealer that’s the successor to Racoon Stealer
  • Tinba, a banking trojan also known as Tiny Banker because of its small file size

New concerning strains show up in top malware list

(Source: Center for Internet Security, Sept. 2022)

To get all the details, context and indicators of compromise for each malware, read the CIS report.


 

Tenable has launched the Tenable One Exposure Management Platform, which unifies a variety of data sources into a single exposure view to help organizations gain visibility, prioritize efforts and communicate cyber risks. Check out these resources to learn more about it!  

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training