Dozens of Slovak companies. Dozens of opportunities for hackers to enter the systems unnoticed. Countless possible cases of loss of control, data leaks, sabotage or blackmail. However, a chance to react in time and strengthen their defenses was given to all potential victims.
“We alerted companies and government agencies about a possible vulnerability several hours before the public exploit was released,” said Ján Andraško, SOC Operations Manager at Binary Confidence, on a recent case of serious cyber security threats. “This gave companies affected by the vulnerability sufficient time to take action.”
An open path into the network
Binary Confidence experts continuously monitor the dark side of the Internet. That is how they immediately noticed a new threat to Citrix ADC and Gateway network devices, known as CVE-2019-19781. The devices contained a critical vulnerability that allowed an unauthenticated attacker to gain control without knowing any credentials.
“An attacker could read and edit a configuration, change passwords, establish a remote connection, and run any commands on the device,” says Binary Confidence. “Because this type of device is often linked to Active Directory user account management software, and domain logins and passwords are used to log in to the VPN, an attacker has an open way to retrieve them. They can then log on to other computers and servers in the victim’s network,” says Andraško. In addition, no patch for the vulnerability was available for almost two weeks, only a complicated guide to mitigating its consequences.
Slovak companies at risk
More than 125,000 devices in 80,000 companies worldwide were exposed to possible attack. Slovakia was not safe either.
“We at Binary Confidence are constantly monitoring information about new vulnerabilities. As soon as there are some that are remotely exploitable, we use publicly available sources and tools to determine if vulnerable devices are also present in Slovakia and whether their administrators have taken any action. If not, we try to contact them and draw attention to a possible problem,” says J. Andraško. The National Cyber Security Centre SK-CERT, with which Binary Confidence has been working for a long time, is also immediately notified of the potential threat.
“In our work, we are among the first to discover many of the cyber attacks. This is one of the reasons why we consider it our duty to notify Slovak authorities and companies regardless of whether they are our clients or not. Consequently, we can also advise them on how to deal with threats,” says Andraško. “We are guarding the Slovak internet even when no one is watching,” he adds.
Binary Confidence is not an IT company; it is a security company that looks after its clients 24 hours a day, 7 days a week. If it detects an attempted penetration, it immediately begins defending.