Top 3 security vulnerabilities in Austria: How secure are your servers?

18 October 2021

One of the most important security rules is: Keep your systems up-to-date and patch any vulnerabilities you find as quickly as possible. Up-to-date software offers fewer attack surfaces and makes it much more difficult for cybercriminals to gain unauthorized access to your systems.

To find vulnerabilities, both security officers and cybercriminals use a variety of methods, such as security scanners. These applications can be used to search for specific systems and services: publicly accessible web servers, webcams, Raspberry Pis, game consoles or other IoT control systems. They report the firmware version and the operating system, and indicate whether the systems are accessible with default passwords or are running outdated, vulnerable software.

Top 3 security vulnerabilities in Austria

The team at cert.at (Computer Emergency Response Team Austria) therefore took a look at the domestic security situation at the beginning of October. [1] According to the cumulative result, the three most widespread critical security vulnerabilities in Austria are as follows:

  • 1st place: Servers with the OpenSSL vulnerabilities “Logjam” and “Freak” from 2015: 7,334 instances found (CVE-2015-0204 & CVE-2015-4000) [2]
  • 2nd place: Microsoft Exchange Server Remote Code Execution Vulnerability: 2,458 instances found (CVE-2021-31206) [3]
  • 3rd place: Microsoft Exchange ProxyShell: 2,349 (3 × 783) instances found (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) [4]

The almost historic OpenSSL vulnerabilities in first place are not harmless, but second and third place are much more worrying: particularly serious vulnerabilities are still widespread on the widely used Microsoft Exchange platform.

The results suggest that approximately 3,000 to 4,000 central communication servers of companies in Austria could easily be taken over by external attackers and misused as a springboard into internal networks, even though security updates that fix the vulnerabilities have been available for some time.

Have you installed all updates?


Sources:

[1] https://cert.at/de/aktuelles/2021/10/shodan-verified-vulns-2021-10-01

[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204

[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31206

[4] https://www.zerodayinitiative.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell
