The Ivanti Threat Thursday Update for October 19, 2017: The Devil(s) Inside

Greetings. In this episode, a critical vulnerability in a widely used Wi-Fi security protocol, and new cybersecurity requirements for U.S. government agencies. Moved to express an opinion, reaction, or suggestion? Feel free to share. Thanks in advance.

KRACK: Coming to a Wi-Fi Network Near You?

A researcher at a Belgian university has discovered a significant vulnerability that can potentially affect every Wi-Fi network and device supporting the ubiquitous WPA2 security protocol.

  • Mathy Vanhoef is a researcher at the imec-Distrinet Research Group, part of the Computer Science Department at Belgium’s KU Leuven. As posted at the research group’s web site, Vanhoef discovered a way to circumvent the WPA2 security protocol.
  • “Whenever someone joins a Wi-Fi network, a 4-way handshake is executed to produce a fresh encryption key for all subsequent traffic. To guarantee security, a key should be installed and used only once. But by using the key reinstallation attack (KRACK) [discovered by Vanhoef], an attacker can trick a victim into reinstalling an already-in-use key allowing him to steal sensitive information or even, depending on the network configuration, inject malware into a website.”
  • At a web site he built devoted to the newly discovered vulnerability, krackattacks.com, Vanhoef notes that it “works against all modern protected Wi-Fi networks.” “To prevent the attack, users must update affected products as soon as security updates become available.” A list of related Common Vulnerabilities and Exposures (CVE) is posted at the web site of the Coordination Center of the non-profit Software Engineering Institute’s computer emergency response team (CERT/CC). Each CVE potentially affects multiple vendors’ products, according to Vanhoef.

What We Say: This vulnerability is only one of the latest real-life reminders of the importance of timely, comprehensive software patch management. Experts at Ivanti and around the world agree: Consistent patching of applications and operating systems can greatly reduce the attack surface of any enterprise IT environment. Ensure that effective patch management is part of your multi-layered cybersecurity strategy, and that it extends to as much of your environment as possible. (See “The Equifax Breach, Patch Management, and Your Cybersecurity.”)

U.S. Department of Homeland Security Raises Cybersecurity Bar for Federal Agencies

The same day the KRACK Wi-Fi vulnerability was publicized, the U.S. Department of Homeland Security (DHS) issued new cybersecurity requirements intended to improve resistance of federal agencies to email spoofing and other hacker attacks.

  • As Federal Computing Week reported, a new DHS “binding operational directive” gives federal agencies 90 days to implement “Domain-based Message Authentication Reporting and Conformance (DMARC) and STARTTLS. DMARC is an email authentication tool designed to prevent email spoofing and provide data on where a forgery may have originated. STARTTLS helps protect against passive man-in-the-middle attacks by allowing for email encryption while data is in transit.”
  • “The directive also requires agencies to switch all publicly accessible federal websites to HTTPS [Hyper Text Transfer Protocol Secure] and HSTS [HTTP Strict Transport Security]-secure connections within 120 days.” “’According to DHS’s Cyber Hygiene scanning data, seven of the ten most common vulnerabilities seen across federal agency networks at the issuance of this directive would be addressed through complying with the required actions in this directive related to web security,’ wrote Acting DHS Secretary Elaine Duke in a memo to Office of Management and Budget Director Mick Mulvaney.”

What We Say: The new DHS directive underscores the power of basic tools and techniques to improve cybersecurity significantly. It also highlights the tendency of government agencies, like enterprises, to be less than consistent in the comprehensive, timely implementation of such tools and techniques. Your IT and cybersecurity efforts should include powerful discovery, inventory, and reporting abilities, to ensure that no resources or users are left behind. (See “Three Components Required for a Complete IT Asset Management Solution (Part 1 of 4): Six Common Objectives” and “Reporting: The Sports Journalism of IT.”)

Improve Your Cybersecurity. Ivanti Can Help.

Ivanti solutions can help you discover and inventory what’s in your environment, and ensure that your client and server system patches get and stay up to date. Ivanti can also help you gain and maintain control over your users’ applications, devices, and admin rights, and combat and remediate malware and other attacks. Ivanti can also help improve reporting and analysis of actions, behaviors, events, and trends across your IT infrastructure and security estate.

Explore our solutions online. Then, get in touch with Ivanti. Let us help you improve security and agility at your enterprise, and help you get closer to fully realizing The Power of Unified IT™. (And thanks in advance for continuing to read, share, and react to our Patch Tuesday and Threat Thursday updates!)