Unit 42, a leading cyber security insights group from Palo Alto Networks, recently released its Network Security Trends: May-July 2022 report. The study found that the most common forms of attack in recent months involved remote code execution, information disclosure, and cross-site scripting. In this article, we will break down these threats and share how insureds can defend themselves against these types of sophisticated attacks.
Remote Code Execution
Remote code execution enables attackers to surreptitiously execute harmful code using an external device. By doing this, bad actors are able to get their foot in the door by gaining preliminary access to sensitive information. Alternatively, cybercriminals can use remote code execution to install malware on a victim’s device. The most common example of this is called ransomware, and it is responsible for many of the major cyber attacks that have occurred during the last few years.
Bad actors in the space can get extremely sophisticated. For example, the FBI found that Hive, a ransomware-as-a-service provider, extorted over 1,300 global victims to the tune of over $100M worth of hard-earned cash.
Insureds looking to defend themselves against remote code execution should consider analyzing their authentication mechanisms for vulnerabilities. Attackers tend to look for low-hanging fruit, and authentication and session management functions are often implemented incorrectly. Fragile security protocols make it easy for bad actors to gain access to company servers, enabling them to hijack important information through remote code execution. Companies should aim to remediate weak spots as soon as a problem is identified.
The Unit 42 report also mentions the concept of information disclosure. This occurs when confidential information stored on a website is unintentionally revealed to visitors. While it may seem accidental, cyber attackers will often deliberately interact with a website in unexpected ways in an attempt to access privileged information. This can result in the exploitation of hidden names, web directories, or even user databases.
While information disclosure occurs for a number of reasons, it can be avoided by ensuring that internal content is removed from public view. For example, developers who provide internal markups in their website’s code structure should be careful to remove revealing information before deploying their website to the public. In addition, engineers should perform comprehensive checks on their websites, as this can help to identify any bugs or flaws that may unknowingly exist.
According to the Unit 42 report, another leading tactic used in recent cyber attacks is cross-site scripting. Cross-site scripting occurs when malicious code is woven into the database of a trusted web application. Users who interact with the application are unsuspectingly targeted because their web browser will typically download the script, believing the website to be a trusted source. Cross-site scripting gives cyber attackers access to sensitive information stored by the end user’s browser.
Cross-site scripting vulnerabilities can be difficult to identify because they often involve HTTP requests, which are commonly used in legitimate web development projects. One way to implement a primary layer of defense is to remove support for HTTP TRACE on all web servers. This is because cross-site scripting attempts frequently rely on HTTP TRACE calls to exploit and collect information stored on an end user’s browser. Failure to remove HTTP TRACE support makes it easier for cybercriminals to access a company’s application, making its system less secure all around.
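One way to confirm that TRACE support has actually been removed, shown as an added example that is not from the Unit 42 report or the original article: the Python script below sends a TRACE request and reports whether the server echoes it back. The two local handler classes, the `X-Audit` header and the marker value are constructed for the demonstration so that it runs offline against localhost.

```python
import http.client
import threading
from contextlib import closing
from http.server import BaseHTTPRequestHandler, HTTPServer

MARKER = "trace-audit-probe"  # constructed header value for the probe


class QuietHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):  # silence per-request logging
        pass


class TraceEnabledHandler(QuietHandler):
    """Constructed stand-in for a server that still answers TRACE."""

    def do_TRACE(self):
        # TRACE echoes the request line and headers back in the body.
        body = (self.requestline + "\r\n" + str(self.headers)).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


class TraceDisabledHandler(QuietHandler):
    """No do_TRACE method, so http.server replies 501 to TRACE."""


def start_server(handler):
    """Start a throwaway server on a free localhost port."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def trace_enabled(host, port, timeout=5):
    """Return True if the server accepts TRACE and echoes our header."""
    with closing(http.client.HTTPConnection(host, port, timeout=timeout)) as conn:
        conn.request("TRACE", "/", headers={"X-Audit": MARKER})
        resp = conn.getresponse()
        return resp.status == 200 and MARKER in resp.read().decode("latin-1")


if __name__ == "__main__":
    for handler in (TraceEnabledHandler, TraceDisabledHandler):
        srv = start_server(handler)
        print(handler.__name__, trace_enabled(*srv.server_address))
        srv.shutdown()
```

Pointing `trace_enabled` at a web server you administer gives a quick regression check after a configuration change; a `True` result means TRACE is still answered.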
Insurance providers want to see evidence that insureds are actively involved in safeguarding their cyber security posture. By staying on top of recent trends, retailers can help educate their insureds on the steps necessary to gain cyber coverage and keep their systems safe.
For the full Unit 42 report, please visit: Network Security Trends Report
The Limit Perspective
Limit is a digitally-native wholesale insurance broker working on behalf of retailers in multiple lines of insurance and across the United States. Our platform allows clients to:
- Obtain instant quotes from top cyber insurers
- Find up to $3M in insurance coverage automatically
- Receive a policy with customizable and comprehensive coverage
- Access 24/7 support
Limit is building a lean, tech-enabled business that can efficiently deliver insurance policies which are tailored to the needs of individual clients. We have taken some of the first steps to revolutionizing the industry and welcome you to learn more on our website: www.limit.com
Please reach out and connect with us and our representatives on LinkedIn as well.