Over the last few years, we have seen a rise in breaches caused by a lack of patching. A study published by ZDNet in 2019 suggested that this accounts for over a third of breaches.
Not a big news revelation I know. However, there is a rather worrying new trend happening – hackers are patching your systems for you!
Why would a hacker secure your environment I hear you ask?
It’s an interesting question, so I spoke to our Security Operations Centre team and our Ethical Hackers for their thoughts on why this is becoming more common.
The first reason is very simple: you have already been hacked by a not-so-friendly hacker who is inside your network, either gathering data or just leaving a door open for the future, when they have time to come back and root around your data or intellectual property. They therefore fix your vulnerabilities for you, but leave themselves a way back in. This means that when you run your external penetration tests, it all looks secure.
The second reason interests me a lot, but also scares me given my reliance on Internet of Things (IoT) devices: things like Amazon Echo, Google Home, Nest Cam, Hive, Ring and so on. Even my fridge and oven can now be connected to the internet to be controlled (but that’s too far for my liking).
Now we have friendly hackers, or so it seems, who will patch your vulnerable systems before the non-ethical (bad) hackers attack them. This sounds great on the surface, vigilante hackers out to save the world!
What I discovered from speaking to our Ethical Hacking team is that this does not always help. We find that these friendly viruses, or ethical worms, can have vulnerabilities themselves and can be exploited by non-ethical hackers.
Vigilante viruses are nothing new and we should not be overly alarmed, but it does bring me to my main question:
If you’re not patching your systems then who is?
If, like many companies we meet, your IT team spend more money on products than patching and securing current systems, then it is likely you’re backing the wrong horse.
Hackers commonly use free and paid tools like Nessus to identify companies with weaknesses. These tools can be complex to use to their full potential, but it’s worth having a trained member of staff or a trusted third party run tests at least monthly to show you what the hackers around the world see.
If you or your service provider can run the same tools hackers do, but on a regular basis and fix any findings, then you’re much less likely to Google ‘incident response companies’ in the near future.
If you’re concerned about how up to date your company’s patching is, or you just want a general chat on Cyber Security matters, please get in touch.