Are we building fortresses with back doors?
I keep hearing IT teams talk about cybersecurity as the fortress protecting your data. And one of the most important part? The firewall as its perimeter.
It hardens your network!
But what I’ve seen—having worked with hackers (some of which are on my team helping protect organizations from criminals)—is that our current mindset is failing our security (and miserably so).
Each new headline-generating attack should be testament to how badly our industry needs a change. A change in how security is done and a change in how security integrates within our businesses.
Even if you were able to patch every single piece of software the way Equifax wasn’t able to or ensure every single password was randomly generated (the way many of us might secretly confess not doing), criminals are going to get past our heavy firewall-guarded gates onto our networks. And once in, they’re free to roam wild.
What I’ve seen—having cracked or bypassed most firewalls I initially inspect— is that we need to change our mindset. Yes, a firewall is critical and if it’s configured correctly and working and it probably will stop most security risks hitting our networks. But they are not impenetrable walls. They alone will not create a barrier so thick and hard that criminals won’t be able to find tunnels through it.
We, as an industry, continue to protect networks as we might protect a physical border. We’re defending our interior by locking down the boarder. We try to harden our perimeters and for things inside our networks. We’re looking for specific pattern-matching exploits, for a rule or signature of a known attack.
Today, the average attacker gets in a network 200 days before any damage is done. That means that perimeter and other measures IT teams are taking to prevent and keep bad guys out is not really working that well. It also means that you’ve got a lot of time to see something moving across your network—and many victims (even large companies) are NOT catching them!
Penetrating your network can actually be quite easy. Here is just one example of holes that old firmware leave you…
Fortinet, anyone?
Hackers earlier this year exploited vulnerabilities in Fortinet routers, even though patches were made available late last year.
There actually has been a surge in the past couple of months of hackers attempting to scan a network and hack these Fortinet devices. What we’ve seen is many are exploiting a known flow that allows them to steal passwords and other sensitive information from the device. Essentially, they have been able to use an HTTP call to get all the passwords from it.
With stolen passwords in hand, hackers have gained full access to entire networks.
There have been hundreds of attacks that I’ve either seen or heard over the past few weeks- EVEN though the vulnerability for this was reported and fixed at the beginning of the month. Hackers are very capable of taking news of juicing vulnerabilities to get in.
Many folks might think that their routers are configured correctly or may think that this vulnerability is patched on their network. My suggestion: check it.
The risk a vulnerability like this would bring makes double-checking and inspecting security work a priority. If your firewall is managed by someone else, I would insist on testing the work just to be sure it was done (I’ve seen several managed services providers with firewalls managed by a security vendor who had this vulnerability missing in the past week).
If you are using a Fortinet device—or any brand of firewall—there are vulnerabilities out there that hackers are exploiting. If you or someone on your team is not double-checking work and actually testing that they are working as expected, they probably aren’t!
As of May 2020, internet scans show nearly a half million Fortigate SSL VPN endpoints connected to the internet. Security experts are saying that nearly 10 percent of them located in the US remain unpatched (~42,000).
An easy way to check to see if your firewall is working the way you think it is? Get a simple scan done on your network. I am offering MSPs and IT teams a chance to check if their firewall is working. As part of our service to our community and to help shed some light to major cybersecurity problems as we get into June (Cybersecurity Awareness Month), I am willing to help anyone in need of a second pair of eyes.
How to get yours analyzed? Go to www.galacticscan.com/msp-extended
