This April, Cognizant fell prey to a nasty ransomware attack whose ripple effect has shaken the world. 

Cognizant has over hundreds of Fortune 500 companies as its customers and this recent attack finds them literally over the barrel, scrambling for cover. The full impact of this attack will be known in the months to come… though the company expects to lose between $50 Million to $70 Million to cover legal, consulting, security restoration and remediation work. 

The fact that this ransomware attack happened right after employees started working remotely is significant!

Remote working has become the new normal in the past months and might just be a new working model for many companies in the future. 

A recent white paper (Cyber Risk in working remotely) released by Cyber Security Works paints a disturbing picture of the vulnerabilities that exist in popular tech stacks used today. 

Key Findings

The report provides an in-depth analysis of popular tech stacks and their inherent vulnerabilities – 

  • Trends of weaponization of vulnerabilities in tech stacks over the past decade. 
  • Prioritization of vulnerabilities by the weaponization.
  • A list of top 3 vulnerabilities in each technology.
  • A priority list of CVEs that needs to be fixed first.
  • Spotlight on applications that have the maximum number of vulnerabilities. 

Vulnerabilities in Tech Stacks

  • We examined an overall 4849 vulnerabilities in tech stacks (encompassing VPN, Access Service, Database, Web Proxy, Web Gateway, CRM, Business Intelligence, Backup & Storage, Online conference). 

Vulnerabilities prioritization across Enterprise Technologies

  • Out of these, over 543 CVEs have been weaponized, and 6 CVEs are vulnerable to ransomware!

  • We found the maximum number of vulnerabilities in Database (1449), Online Conference (877), and Backup & Storage technologies (745). 

Weaponization of CVEs for Enterprise Technologies

  • Out of these, remote code execution (RCE) is possible for 45 vulnerabilities in Backup and Storage technologies and for 25 vulnerabilities in Database. 

  • A total of 473 critical vulnerabilities were found among all the technologies that were examined. Of these Online Conference solutions has over 220 vulnerabilities, followed by Backup & storage which has 108 vulnerabilities.

  • The trend in weaponization also gave many insights. For one thing, the weaponization rates have been increasing considerably since 2015. In 2017, 47 vulnerabilities became weaponized (out of 803 CVE in total). 

Weaponization of CVEs (2010 -2020)

Vulnerabilities undetected by popular scanners

Popular scanners like Nessus, Nexpose, and Qualys have missed around 102, 158, and 131 vulnerabilities.

Unique vulnerabilities that can be executed remotely like the below-given list were missed by all three scanners.

  1. CVE-2017-12815
  2. CVE-2017-18362
  3. CVE-2017-15376
  4. CVE-2010-3128

Here is a count of CVEs that were missed by scanners –

Technology Nessus Nexpose Qualys
VPN 6 12 8
RAS 5 8 5
Database 23 49 32
Web Proxy 2 5 3
Web Gateway 1 12 3
CRM 5 6 5
BI 4 2 5
Backup & Data Storage 44 46 33
Online Conference 10 22 8
Total 100 162 102

Threat actors have always exploited the inherent vulnerabilities in a software program. A weak code is all that is needed for them to penetrate and steal data. The current circumstances present prime opportunities for them to breach security and spread mayhem. Tech giants like Cognizant have already taken a hit and more will follow in the months to come – if these vulnerabilities are not fixed.

The only way forward in the present situation is to understand the threat and not confuse the lack of weaponization of vulnerability with safety and be complacent about it.  

Click here to download the white paper Cyber Risk in Working Remotely

Share This Post On