Small to mid-sized businesses (SMBs) are more targeted by cybercriminals than ever, according to a new AlertLogic report.
However, SMBs can protect themselves by hardening the ports that attackers target the most. The researchers also note that the three most popular TCP ports account for 65% of SMB port vulnerabilities.
The Importance of Port Scanning
AlertLogic says that SMBs generally struggle with misconfigurations, and that gaining visibility into the vulnerabilities these misconfigurations cause is a must. Port scanning, in particular, is crucial to the security of the enterprise, as it is done regularly by both attackers and defenders.
“Internal security teams, blue teams, can use regular port scanning to help identify weaknesses, firewall misconfiguration issues, and to discover unusual services running on systems,” AlertLogic researchers said.
When scanning ports, it is essential to know which ports carry the most weaknesses. This factor also determines how popular a port is among attackers and how secure it is relative to the others.
Most Targeted TCP Ports
In this analysis, “given that these ports are the ones that are exposed to the internet it is no surprise that SSH (22/TCP), HTTPS (443/TCP) and HTTP (80/TCP) made the top three with 65 percent of the vulnerabilities”. It is also worth mentioning that the recent MS RDP BlueKeep attack (CVE-2019-0708) targets the fourth most popular port – RDP/TCP.
The BlueKeep vulnerability, tracked as CVE-2019-0708, was recently exploited against hospitals and medical institutions. This is a dangerous flaw in the last versions of the Microsoft Windows operating system, including the embedded releases. Successful exploitation allows attackers to carry out remote code execution.
Attacks begin by checking whether the RDP port (3389) is accessible from the Internet and the service is turned on. When these two conditions are met and the system is not protected from the flaw, it can easily fall victim to the threat. What makes BlueKeep more dangerous is that an attack exploiting it can easily spread across the network from computer to computer.
So, what should an SMB do in order to be protected? “Patch and harden any device, software, or service connected to the port until there are no dents in your networked assets’ armor,” is the researchers’ advice. Also, stay cautious: new vulnerabilities keep appearing in old and new software that attackers can reach via network ports. Lastly, change all default settings and passwords, and make sure to run regular configuration checks.
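
One way to run the regular configuration check described above, as an added example that is not part of the AlertLogic report: it parses nmap grepable (`-oG`) output from a scan of your own hosts and flags open TCP ports that are missing from an approved baseline. The host addresses, the baseline policy and the sample scan lines are constructed for illustration.

```python
import re

# Constructed sample: nmap grepable (-oG) output from scanning one's own hosts.
# Addresses come from the documentation range 192.0.2.0/24.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (web01)\tStatus: Up
Host: 192.0.2.10 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///
Host: 192.0.2.20 (files01)\tStatus: Up
Host: 192.0.2.20 (files01)\tPorts: 22/filtered/tcp//ssh///, 3389/open/tcp//ms-wbt-server///, 8080/open/tcp//http-proxy///
"""

# Assumed policy: TCP ports each host is approved to expose to the internet.
BASELINE = {
    "192.0.2.10": {80, 443},
    "192.0.2.20": set(),
}

# Ports the article singles out as most targeted (SSH, HTTP, HTTPS, RDP).
HIGH_RISK = {22: "SSH", 80: "HTTP", 443: "HTTPS", 3389: "RDP"}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\([^)]*\)\s+Ports:\s+(.*)$")

def open_tcp_ports(scan_text):
    """Return {host: set of open TCP ports} parsed from -oG output."""
    result = {}
    for line in scan_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port data
        host, ports_field = m.groups()
        ports_field = ports_field.split("\t")[0]  # drop trailing -oG fields
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")  # port/state/protocol/...
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                result.setdefault(host, set()).add(int(fields[0]))
    return result

def audit(scan_text, baseline):
    """Return (host, port, label) for every open port outside the baseline."""
    findings = []
    for host, ports in sorted(open_tcp_ports(scan_text).items()):
        for port in sorted(ports - baseline.get(host, set())):
            findings.append((host, port, HIGH_RISK.get(port, "unlisted service")))
    return findings

if __name__ == "__main__":
    for host, port, label in audit(SAMPLE_SCAN, BASELINE):
        print(f"{host}: unapproved open port {port}/tcp ({label})")
```

A host absent from the baseline is treated as approved for nothing, so every open port on it is reported.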