Zero-Day Eye Opener

On December 10, 2021, security professionals learned a lesson the hard way: Apache’s widely used Log4j logging library was hit by a zero-day vulnerability (CVE-2021-44228). Some of the largest names in the industry used this open-source library for data logging, at the heart of their IT solutions.

Before the security event, many of the same organizations that used Log4j were not aware of how it affected the security of their environment, because they underestimated how easy it is to successfully “hack” a business. In this post, I will explain how even a high school student could gain access to your login credentials.

How Hard Is Hacking, Anyway?

Being a Certified Ethical Hacker myself, I understand that hacking is not the impossible task it once was in the early days of the internet. Today, anyone can find extensive information just through a simple Google search. I have included one such example from my labs to demonstrate how easy hacking can get if you know how to find the right information.

1. This is the enumeration step. Running an Nmap scan with the right parameters should reveal a lot of information about the target.

2. In this example, you can see a PHPSESSID cookie in the HTTP traffic with the HttpOnly flag not set. The requested resource is login.php.

3. For this scenario, let us assume we do not know what any of this means. I made a simple search based on the information I had found.

4. With the first search, I find out that PHPSESSID is a way PHP stores cookies.

5. Now that I understood that, I did a simple search and found PHPSESSID exploits. I could easily get a bunch of scripts, how-tos and step-by-step instructions for using this information to my own benefit.

6. In this scenario, an amateur hacker with just Google as a tutor has successfully gained the information needed to steal your login credentials using a simple man-in-the-middle (MITM) attack.
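The weakness spotted in step 2, a session cookie issued without protective flags, is something a defender can check for automatically. The script below is an added example and not part of the original post: it parses the Set-Cookie headers of a constructed login.php response (the sample responses and the list of session cookie names are assumptions) and reports session cookies that lack HttpOnly, Secure or SameSite.

```python
from __future__ import annotations
from email.parser import Parser

# Cookie names commonly used for session identifiers (matched case-insensitively); assumed list.
SESSION_COOKIE_NAMES = {"phpsessid", "jsessionid", "asp.net_sessionid", "sessionid"}

# Constructed sample responses, modelled on the post's login.php observation.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: PHPSESSID=constructed0123456789; path=/\r\n"
    "Set-Cookie: theme=dark; path=/\r\n"
    "\r\n"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: PHPSESSID=constructed0123456789; path=/; HttpOnly; Secure; SameSite=Lax\r\n"
    "\r\n"
)

def parse_set_cookie(header_value: str) -> tuple[str, dict[str, str | None]]:
    """Split one Set-Cookie value into (cookie name, {lower-cased attribute: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: dict[str, str | None] = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if sep else None  # flag attrs have no value
    return name, attrs

def audit_response(raw_response: str) -> list[str]:
    """Return one finding per missing protection on each session cookie in a raw HTTP response."""
    _status_line, _, header_block = raw_response.partition("\r\n")
    headers = Parser().parsestr(header_block)  # header parsing stops at the blank line
    findings: list[str] = []
    for value in headers.get_all("Set-Cookie", []):
        name, attrs = parse_set_cookie(value)
        if name.lower() not in SESSION_COOKIE_NAMES:
            continue  # non-session cookies are out of scope for this check
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly, so page scripts can read it")
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure, so it is sent over plain HTTP")
        if (attrs.get("samesite") or "").lower() not in ("lax", "strict"):
            findings.append(f"{name}: SameSite not Lax or Strict")
    return findings

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(response) or ["no findings"])
```

On the PHP side, the matching hardening is `session.cookie_httponly=1`, `session.cookie_secure=1` and `session.cookie_samesite=Lax` in php.ini, which produces a Set-Cookie header like the hardened sample above.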


How Can I Prevent Hacks?

The short answer is: you can’t. Hacking systems is so easy that security professionals are better off assuming a breach has already occurred. This is the zero trust model.

The traditional “castle and moat” security ideology is no longer enough to keep your organization protected. In the zero trust model, you assume a breach has already occurred, and so you verify users at every stage of access.

For instance, if a high school student were to hack your systems and obtain login credentials, as in the example above, multi-factor authentication could still prevent them from reaching sensitive information.


BlackHawk Data Can Help Keep You Secure

BlackHawk Data can help your organization leverage the zero-trust model. We have years of expertise deploying and monitoring solutions in different IT environments as a security and network operations center. We can help you implement stringent policies by applying identity and access management (IAM) whilst keeping your data and services’ availability in mind.
