Invitation to Cybersecurity

execution, and nearly every Linux system in the world was vulnerable. CVE-2017-0144 is a Windows vulnerability known as EternalBlue, and was disclosed within a cache of cyber weapons purportedly belonging to the NSA that were dumped on the Internet in 2017. Later that year, both the WannaCry and NotPetya malware exploited the EternalBlue vulnerability to wreak havoc across the globe.

Figure 9.7: The CVE describing the ShellShock vulnerability.

In addition to CVEs, major software companies such as Microsoft and Adobe regularly publish security bulletins to disclose vulnerabilities found in their products. In 2003 Microsoft started the tradition of using the second Tuesday of every month to publish their monthly bulletins. Since then, other vendors have followed suit, and this day has become known in the cybersecurity industry as patch Tuesday.

Finally, the principle of security as a process is a reminder that just because things seem to be operating normally does not mean that an incident has not occurred. Cyber professionals must diligently monitor logs and look for indicators of compromise. Typically, a significant amount of time elapses between the initial compromise and when hackers are able to achieve their actions on objectives because they need time to orient and position themselves on the network. Dwell time is the amount of time that an unauthorized actor remains undetected on a system or network. Encouragingly, statistics show that average dwell time has been decreasing over the past decade from months to weeks to days. This is partly due to organizations being more proactive in searching for clues of a cyber compromise rather than just assuming that if no obvious damage has occurred, there must not be a problem. As we saw in Chapter 4, there are multiple links in the cyber kill chain after initial exploitation that defenders can interrupt to prevent attackers from achieving their ultimate objectives. The sooner the bad guys are detected, the less likely they will be to accomplish their goals. The principle of security as a process helps organizations to invest in continual improvement and to stay vigilant at all times.
