In a highly unusual move, the National Security Agency released research on October 20, 2020, highlighting 25 common vulnerabilities that are being actively exploited by Chinese state-sponsored actors. The NSA issued the alert in order to help companies prioritize vulnerability management. Most of the NSA vulnerabilities can be exploited to gain initial access to networks that are directly accessible from the Internet.
Security and risk leaders should act immediately to determine whether their organizations -- and the organizations that make up their supply chain -- are vulnerable. It is critical to examine the supply chain: half of BitSight’s “40 Most Subscribed Entities” have been vulnerable to an NSA-identified Remote Access vulnerability this year.
Leveraging our global telemetry, BitSight is helping organizations gain visibility into some of the riskiest vulnerabilities identified by the NSA. We analyzed the security performance records of more than 200,000 global entities across 22 sectors to identify trends across a number of high-risk vulnerabilities highlighted in the NSA alert:
When it comes to managing Remote Access vulnerabilities -- including BlueKeep (CVE-2019-0708), Citrix (CVE-2019-19781), Pulse Secure (CVE-2019-11510), and F5 BigIP (CVE-2020-5902) -- no sector is a particularly strong performer. These vulnerabilities are common across a broad range of sectors.
Table 1: BitSight View into Four Major Remote Access Vulnerabilities, By Sector
BitSight is able to identify systems that are potentially vulnerable to the Active Directory vulnerability known as Zerologon (CVE-2020-1472). In October 2020, we were able to identify at least 17,000 systems around the world that are potentially vulnerable to an attack leveraging this vulnerability. In general, systems like this should not be exposed outside of the firewall.
Table 2: BitSight View into Zerologon Vulnerability, By Sector
We did not try to directly connect to the Netlogon port on all of these systems, but manual testing on a small subset shows that the Netlogon port is unfiltered in the vast majority of cases.
Some of the vulnerabilities identified by the NSA that affect internal servers or network devices -- including DrayTek (CVE-2020-8515), Zoho (CVE-2020-10189), and Telerik (CVE-2019-18935) -- appear less prevalent around the world:
Table 3: BitSight View into Additional NSA Vulnerabilities, By Sector
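Pulling the post's three groups of CVEs together, here is an added example (not BitSight's code or data) that ranks findings by the criterion the post itself gives: internet-facing Remote Access flaws that hand an attacker initial access first, then domain controllers whose Netlogon path is unfiltered from the internet, then the rest. It also computes a per-sector exposure rate in the shape of the post's tables. The findings, entities and sectors are constructed sample data; the priority order and the choice of TCP 135 (RPC endpoint mapper) and 445 (SMB) as "the Netlogon port" are assumptions.

```python
"""Rank NSA-advisory findings for remediation.

Added example, not BitSight's code or data. The CVE groups are the ones
the post names; the findings and sectors are constructed sample data;
the priority order is an assumption drawn from the post's reasoning.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Remote Access flaws the post says are used to gain initial access.
REMOTE_ACCESS = {
    "CVE-2019-0708": "BlueKeep (RDP)",
    "CVE-2019-19781": "Citrix",
    "CVE-2019-11510": "Pulse Secure",
    "CVE-2020-5902": "F5 BigIP",
}
# Active Directory flaw; affected systems should not be internet-exposed.
ACTIVE_DIRECTORY = {"CVE-2020-1472": "Zerologon (Netlogon)"}
# Flaws in internal servers and network devices.
INTERNAL = {
    "CVE-2020-8515": "DrayTek",
    "CVE-2020-10189": "Zoho",
    "CVE-2019-18935": "Telerik",
}
# Ports a Netlogon RPC client needs from outside: endpoint mapper and SMB.
# (Assumption about what "the Netlogon port" in the post refers to.)
NETLOGON_PORTS = frozenset({135, 445})


@dataclass(frozen=True)
class Finding:
    entity: str            # organisation that owns the host
    sector: str
    host: str
    cve: str
    internet_facing: bool  # host reachable from the public internet
    open_ports: frozenset  # TCP ports seen open from outside the perimeter


def netlogon_reachable(f: Finding) -> bool:
    """True if an unfiltered Netlogon path exists from the internet."""
    return (f.cve in ACTIVE_DIRECTORY and f.internet_facing
            and bool(f.open_ports & NETLOGON_PORTS))


def priority(f: Finding) -> int:
    """Lower number = remediate first. The order is an assumption."""
    if f.cve in REMOTE_ACCESS and f.internet_facing:
        return 0  # initial access from the internet, the post's main concern
    if netlogon_reachable(f):
        return 1  # domain controller exposed outside the firewall
    if f.cve in REMOTE_ACCESS or f.cve in ACTIVE_DIRECTORY:
        return 2  # same flaws, but not reachable from outside
    if f.cve in INTERNAL:
        return 3
    return 4  # not on the post's list; triage separately


def prioritised(findings) -> list[tuple[str, str]]:
    """(host, cve) pairs sorted so the most urgent come first."""
    ordered = sorted(findings, key=lambda f: (priority(f), f.host))
    return [(f.host, f.cve) for f in ordered]


def exposure_rate_by_sector(findings) -> dict[str, float]:
    """Share of entities per sector with an internet-facing Remote Access
    finding, mirroring the shape of the post's per-sector tables."""
    entities = defaultdict(set)
    exposed = defaultdict(set)
    for f in findings:
        entities[f.sector].add(f.entity)
        if f.cve in REMOTE_ACCESS and f.internet_facing:
            exposed[f.sector].add(f.entity)
    return {s: len(exposed[s]) / len(entities[s]) for s in entities}


# Constructed sample findings (not real scan data).
SAMPLE = [
    Finding("acme-bank", "Finance", "vpn-edge-01", "CVE-2019-11510", True, frozenset({443})),
    Finding("acme-bank", "Finance", "dc-01", "CVE-2020-1472", True, frozenset({135, 445})),
    Finding("acme-bank", "Finance", "dc-02", "CVE-2020-1472", False, frozenset()),
    Finding("delta-credit", "Finance", "mail-gw", "CVE-2020-5902", False, frozenset()),
    Finding("beta-health", "Healthcare", "build-srv", "CVE-2019-18935", False, frozenset()),
    Finding("beta-health", "Healthcare", "lab-rdp", "CVE-2019-0708", False, frozenset()),
    Finding("gamma-retail", "Retail", "kiosk-fw", "CVE-2020-8515", True, frozenset({80})),
]

if __name__ == "__main__":
    for host, cve in prioritised(SAMPLE):
        print(f"{host:12} {cve}")
    for sector, rate in exposure_rate_by_sector(SAMPLE).items():
        print(f"{sector}: {rate:.0%} of entities with an exposed Remote Access flaw")
```

The ranking deliberately separates "present" from "exposed": the same Zerologon finding lands at priority 1 when the DC answers on 135/445 from outside and at priority 2 when it sits behind the firewall, which is the distinction the post draws when it says such systems should not be exposed.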
BitSight observes weaker performance in managing the NSA-identified vulnerabilities among organizations with very large workforces (>100,000 employees). These organizations have larger networks and a larger attack footprint, making vulnerabilities more likely to be exposed.
Table 4: BitSight View into Four Major Remote Access Vulnerabilities, By Size
An examination of country-level vulnerability rates finds different levels of performance across the four major Remote Access vulnerabilities. While China has a higher rate of BlueKeep (CVE-2019-0708), the United States has a higher rate of F5 BigIP (CVE-2020-5902) and Citrix (CVE-2019-19781). Japan has the highest rate of Pulse Secure (CVE-2019-11510).
The number of vulnerable systems within these countries is likely dependent on the adoption of certain technologies rather than policy initiatives. For example, the United States is more vulnerable to F5 and Citrix because these technologies are used more frequently in the U.S. than in other countries.
Table 5: BitSight View into Four Major Remote Access Vulnerabilities, By Country
The NSA alert should raise alarms inside organizations around the world and help them prioritize remediation for these critical vulnerabilities. Organizations must act now to gain visibility into these vulnerabilities within their own organization, as well as their supply chain partners. By identifying and mitigating these critical risks across their ecosystem, they can reduce the risk of becoming the next victim of a state-sponsored cyber attack.
To learn how BitSight can help you manage these and other risks to your organization and your third-party ecosystem, contact us for a demo and receive your complimentary vendor portfolio risk report to see where your vendor cyber risks are and how they could affect your cyber risk rating.