NSA: Hackers Weaponize Known Vulnerabilities Within 24 Hours

[straycat19]

How do you break into the US military's defense networks? Apparently, hackers are trying to do so by leveraging every publicly-known vulnerability they can find.

The turnaround can be quick, said Dave Hogue, a technical director with the US National Security Agency. Once a security flaw goes public, it can be added into the arsenal of state-sponsored attackers in less than a day.

 

"Within 24 hours I would say now, whenever an exploit or a vulnerability is released, its weaponized and used against us," Hogue said in a talk at the RSA security conference on Tuesday.

The NSA technical director offered a startling example of this by pointing to the credit agency Equifax, which was breached last year using a publicly known vulnerability. According to Hogue, a nation-state hacker decided to leverage that same vulnerability against the Department of Defense's networks —but only a mere 24 hours after details about the security flaw had been made public last March.

"I would say that's absolutely the norm now, where actors use known vulnerabilities" Hogue said.

His talk on Tuesday gave a glimpse into the cyber threats the NSA is routinely trying to fend off. The government agency is charged with protecting the Department of Defense's military networks, which are used by 2.9 million people across the globe.

 

However, many of the threats the NSA is encountering are hardly sophisticated. Hogue said the top attack method the agency is running into are phishing messages.

"We see 36 million emails per day, and we reject about 85 percent of those," he said.

It's also rare for the agency to encounter a "zero-day" exploit, or a cyber attack that leverages a previously unknown vulnerability. In fact, the NSA has not responded to an intrusion that uses a zero-day vulnerability in over 24 months, Hogue said.

Most attacks actually exploit human error and a basic failure to comply with the best security practices. This includes the timely patching of vulnerable IT systems and incorporating two-factor authentication into login processes. State-sponsored hackers simply have no need to break in using their best tools, Hogue said.

Unfortunately, people continue to ignore well-established IT security principles, which exposes them to possible attack, he added.

 

"It's frustrating for me as a network defender, because this advice has been out there for a number of years," Hogue said. To fix the problems, it'll require a "change in culture" and getting organizations and everyday workers to realize the importance of protecting their networks, he added.

For IT admins looking for tips on how to better secure their networks, Hogue recommends they look at the NSA's guidelines on the top five security principles.  You can download those guidelines here.

 

Article

[knowledge-Spammer]

Who is the hackers ?