NetworkTigers discusses endemic vulnerability and how to deal with it.
Network managers should remain vigilant in the face of a cybersecurity landscape that is shifting and evolving and that generates explosive opportunities for cybercriminals.
What is endemic vulnerability?
Endemic vulnerability refers to the consistent susceptibility of a network, system, or device to cyberattack or unauthorized access. Endemic vulnerabilities can persist for years, or even indefinitely, and are often inherent to general networking.
Leading causes of endemic vulnerability
Unpatched apps and platforms
A significant cause of endemic vulnerability is software that has not been updated to current security standards. This can happen when automatic updates are not applied to an app, a program is forgotten by the administrator, or when an old version of a piece of software is allowed to remain in use to avoid having to make downstream adjustments that may result from an update.
Because cybersecurity hygiene and protocols vary from one organization to the next, it’s impossible to know that every instance of every bug has been addressed. This causes such vulnerabilities to exist persistently.
Legacy systems
Endemic vulnerability also exists when administrators continue to use products after the developer has ended their support.
Using legacy hardware, software, apps, and platforms creates several vectors through which network penetration, botnet enlistment, and other attacks can be launched.
Whether to avoid rocking the boat or due to budget limitations, unsupported network components generate far-reaching threats to organizations, their customers, and any connected third parties.
A flaw within a widely used piece of software
Some software becomes so ingrained into so many systems that it becomes almost ubiquitous, present in everything from enterprise companies to home networks. When software with this degree of popularity is found to harbor an exploitable flaw, every use of it all over the globe is suddenly at risk.
Even if patches are issued, not every instance of such widespread software can be expected to be addressed. If the product has been in circulation for years, there are undoubtedly cases that have long been unattended or even forgotten.
Threat actors know the software that has become deeply ingrained within the world’s networks, meaning that such products are also regularly probed and prodded for access points.
Human error
The possibility of a mistake made by an employee or network administrator is a vulnerability that is likely never to disappear.
Unlike specific examples of recognized flaws or exploits, human error covers many threats, from misconfigured security features and poor password hygiene to phishing scams.
As long as human beings are involved in creating, using, and maintaining network components, the threat of a mistake will remain.
The Log4j exploit: a recent example of endemic vulnerability
A very recent and widespread example of an endemic vulnerability is the Log4j exploit.
Released in 1999, Apache’s Log4j is one of the most employed examples of open-source software. Providing logging capabilities for Java applications, it is typically used as a software library within other products or Java services. Because of this, many administrators may be using it at a foundational level and unaware of its presence.
In December 2021, a vulnerability within Log4j was disclosed. Upon public acknowledgment of the flaw, hackers immediately exploited it. Because Log4j is so prevalent, the trouble manifested across all sectors and industries, with threat actors taking any opportunity within reach.
While only one flaw was revealed initially, more followed and further intensified the implications of the exploit.
With so many instances of Log4j worldwide, CISA officially determined the threat to be endemic. In a July 2022 publication, CISA warned that “vulnerable instances of Log4j will remain in systems for many years to come, perhaps a decade or longer.”
Homeland Security Secretary Bob Silvers said that “Log4j is one of the most serious software vulnerabilities in history,” it is expected to continue to evolve and create new risks for the foreseeable future.
How to address endemic vulnerability
When a vulnerability is endemic, there is no way to remove the threat. In the same way that managing an endemic virus in the real world focuses on control instead of elimination, keeping your system safe from ever-present danger requires consistent maintenance and awareness.
Thankfully, there isn’t anything extraordinary about fortifying your network against endemic threats. You can practice due diligence by adhering to the following applicable cybersecurity tips:
Update, patch, and maintain
Developers are quick to issue patches that fix issues found in their products. Keeping up with new versions of the software and firmware products that make up your system ensures that you will always employ the best-defended version of every app in your network.
Set up automatic updates so that in an emergency, you don’t have to scramble to install them manually while under a potential attack. With so many products and devices making up a complex system, it can be virtually impossible to keep up with every refresh as it happens.
Security awareness training
Training is imperative for minimizing human error and susceptibility to scams. Employees should be taught how to recognize suspicious activity or messaging and best practices regarding password management and hygiene.
Training needs to be regular. Threats continually surprise us, meaning that yesterday’s training may not be relevant to today’s developments.
Those with network access need to be educated, aware, and vigilant.
Ditch the legacy products
Even if a legacy component or entire network hums along swimmingly in a crystallized form, it should not remain employed.
Unsupported apps and devices should be retired, as the danger of keeping them in circulation only grows with each passing day.
While tight budgets often dictate how an administrator can modernize their system, you don’t need to opt for the latest equipment to take advantage of more robust security. You can purchase refurbished firewalls, routers, switches, and more from reputable outlets to stay under budget.
Stay informed
While the Log4j exploit was heavily publicized across all media, most threats don’t make it into mainstream news.
Keep your head in the game by checking in with cybersecurity news outlets, blogs, CISA, and even the social media accounts of researchers within the industry. In the event of a flaw being exploited in the wild before a developer can patch it, you may be able to find mitigation techniques and other advice to help keep your data safe in the meantime.