At any point of the digital transition,…
The five most popular security vulnerabilities among organizations in Israel were released by the cyber framework. In certain instances, according to him there are software fixes that address the vulnerabilities, but the organisations do not install them despite the alerts.
16:16 GMT, Friday, November 27, 2020
Today (Thursday), the National Cyber Network revealed a list of the five most common flaws that hackers have abused and are now exploiting for attacks on institutions and targets in Israel over the past year.
Weaknesses are flaws in operating networks that can be abused by regular security patches issued by the authorities for cyber threats but can be blocked. The related data on the topic is also distributed by the array as it is defined to cyber people in organizations and businesses around the world.
However certain companies, even though some of the bugs have been fixed for more than a year, have not yet introduced the same fixes to their programs. Inspection of the framework showed that over 2,000 Israeli organisations are actually vulnerable to cyber attacks because of at least one flaw in their systems:
- Pulse Safe + Fortinet VPN – a remote-connection technology.
- F5 BIG-IP – a tool used on many websites for the security and usability of WEB applications.
- Citrix ADC — Engineering that helps a company to secure remote access to corporate resources and firewalls that protect the resources of the organization.
Windows Zerologon – An interface that is used to track or troubleshoot problems with recognition and login.
- Windows Exchange – an email program that is commonly used in enterprises.
Weaknesses are used for a number of reasons, like identity stealing, malware delivery, device remote control, and ransomware distribution, which is an integral aspect of assaults. Based on an investigation into hundreds of cyber events that have been treated during the past year the list was constructed. Weaknesses were and still are the key route of assault and infiltration into Israeli targets, it appeared. The array agreed that in order to attempt to carry out an attack through them, cyber-attackers are actively searching and looking for where those loopholes are available in Israel.
The array advises that organisations ensure that the software changes have been enforced and are safe from attempted attacks on these routes by them and organizations that supply them with support. In the past year the cyber infrastructure has also provided spot warnings about the need to urgently update these vulnerabilities, many of which have been described as critical and routinely abused by attackers. Thousands of companies were informed by phone to vulnerabilities in their processes by the array.
A list of 25 vulnerabilities in different security items that are targeted by attackers, including the vulnerabilities revealed above, was also released this month by the US Cyber Network (CISA).
According to Paul Moskowitz, head of the national cyber array’s organizational arm: “Attackers have taken advantage of and continue to exploit these weaknesses, allowing attackers to access the organization’s internal and critical assets relatively easily. And especially in VPN technology. “
The corona crisis has changed the face of employment, commerce and services absolutely. The use of the Internet, smartphones and computers has grown, and an organization vulnerable to cyber threats is often placing its clients or service users at risk. A significant proportion of attacks in Israel are carried out via attack vectors which directly exploit the vulnerabilities observed by the cyber infrastructure, according to data obtained from Impreva.
Impreva statistics reveal that in descending order) the most attacked industries in Israel are: small and medium-sized companies, commerce, the health industry, computers and IT and games. The scope of attacks could cross half a million attempts to break in and exploit vulnerabilities on an average day. Robotic attack systems are run by professional hackers who can automatically detect and exploit vulnerabilities.
These flaws are also being used by hackers working under the auspices of countries like Iran, Turkey or China to break into protected networks. One of the attacks carried out last year against Iran’s water resources took advantage of a common vector of attack.
It is impossible to determine the factors that prohibit security flaws in the organization’s operating systems from being repaired and prevented. These may be attributed to the shortage of staff, expenditure or merely the absence of the concerned parties’ knowledge or professionalism. Managers quite frequently do not realize the value of keeping those flaws intact.