Top 3 security vulnerabilities in Austria: How secure are your servers?

18 October 2021

One of the most important security rules is: keep your systems up to date and patch any vulnerabilities you find as quickly as possible. Up-to-date software presents a smaller attack surface and makes it much more difficult for cybercriminals to gain unauthorized access to your systems.

To find vulnerabilities, security officers and cybercriminals alike use a range of methods, including security scanners. Such applications can search for specific systems and services: publicly accessible web servers, webcams, Raspberry Pis, game consoles or other IoT control systems. They report the firmware version and the operating system, and indicate whether a system is accessible with default passwords or runs outdated, flawed software.

Top 3 security vulnerabilities in Austria

The team at cert.at (Computer Emergency Response Team Austria) took a look at the domestic security situation at the beginning of October. [1] According to the cumulative result, the three most widespread critical security vulnerabilities in Austria are as follows:

  • 1st place: Servers with the OpenSSL vulnerabilities “Logjam” and “FREAK” from 2015: 7,334 instances found (CVE-2015-0204 & CVE-2015-4000) [2]
  • 2nd place: Microsoft Exchange Server Remote Code Execution Vulnerability: 2,458 instances found (CVE-2021-31206) [3]
  • 3rd place: Microsoft Exchange ProxyShell: 2,349 (3 × 783) instances found (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) [4]

The almost historic OpenSSL vulnerabilities in first place are by no means harmless, but second and third place are much more worrying: serious vulnerabilities are still widespread on the widely used Microsoft Exchange platform.

The results suggest that approximately 3,000 to 4,000 central communication servers of companies in Austria could easily be taken over by external attackers and misused as a springboard into internal networks, although security updates that fix the vulnerabilities have been available for some time.

Have you installed all updates?

Sources:

[1] https://cert.at/de/aktuelles/2021/10/shodan-verified-vulns-2021-10-01

[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204

[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31206

[4] https://www.zerodayinitiative.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell
