Understanding the Latest Big Windows Vulnerability – SIGRed (CVE-2020-1350)

One of the most significant vulnerabilities detected in years is yet another way that 2020 seems to be piling on crises in several areas at once.

SIGRed (CVE-2020-1350) is what’s known as a wormable vulnerability, and it’s in Windows DNS Server. It impacts Windows Server versions from 2003 through 2019. DNS (the Domain Name System) translates a website’s domain name to the IP address of the server hosting that site, so it’s a common process that’s used all the time.

In a nutshell, SIGRed tricks a DNS server into forwarding a DNS query to a malicious server. The response that malicious server sends back exploits a record-length handling flaw, allowing an attacker to gain domain admin rights and compromise the entire network.

Once a company’s network is compromised, they can be in trouble in multiple ways, especially if they don’t have a backup and disaster recovery plan in place.

Microsoft noted that SIGRed is “wormable” (i.e., exploitable by a worm), but what does that mean exactly?

What is a “Worm” Vulnerability?

A worm vulnerability is particularly dangerous because it means that malicious code doesn’t just stay on the infected device. Worm malware is designed to spread from device to device, automatically and without any human interaction being needed.

The worm takes over critical controls of the infected device and then scans for other devices to infect. A worm spreads through your network like a cyber pandemic, infecting everything it can.

Notable Worm Examples

Worms are a particularly prevalent form of malware and one of the most dangerous because of the speed at which they spread. This means that any server with the SIGRed vulnerability left unpatched could become infected and spread a major attack throughout a company’s network.

Here are a few notable worm examples in recent history:

  • ILOVEYOU: This worm was also known as the Love Bug Worm and it spread quickly throughout computers in 2000 due to its ability to access email addresses found in a user’s Outlook contacts list.
  • MyDoom: Another worm that is one of the fastest spreading of all time is MyDoom. It attacked tech companies with a Distributed Denial of Service attack from multiple hijacked computers. As many as 25% of all emails were infected with MyDoom in 2004. The cost was estimated at about $38 billion.
  • Storm Worm: In 2006/2007, Storm Worm was spread through phishing emails with a subject line about a deadly storm in Europe. The email had a link to the news story, but it went to a malicious site, infecting the user’s computer then quickly spreading from there.

What Type of Damage Can Be Caused?

Worms can do all types of damage to your network because they quickly and automatically look for any device they can infect next, giving them a scale that not all malware has.

Privilege Escalation Across Your Network

Worms can infect a system and escalate their privileges, meaning they exploit vulnerabilities that grant them higher privileges and access into system resources. This allows worms to virtually take over your computer while they’re spreading throughout your network.

Launching Cyber-Attacks Against Others From Your network

A worm can take over the devices on your business network and then use those to launch a targeted attack on another company or even a government agency.

When investigators are looking for the perpetrator of the attack, they won’t find the attacker; instead, they’ll find your business network. (KNOCK KNOCK / Who’s there? / SWAT TEAM!!!)

They Can Take Down Your Business with Ransomware

Ransomware is a growing problem that keeps getting worse every year. So far in 2020, there’s been a rise in ransomware of over 6% and a rise in companies that had to pay a ransom of over 12% (57.7% paid a ransom).

Your entire data infrastructure is at risk in a ransomware attack. Not only is your data unusable, which can shut down a business, it also can be stolen and sold on the Dark Web.

Once an attack has happened, your options are limited. Many businesses have to start from scratch after dealing with a ransomware attack because they weren’t prepared. Even those that pay the ransom may not get their data back; about 33% never do.

How to Protect Yourself from SIGRed & Similar Threats

It’s only a matter of time until this vulnerability is exploited and impacts your organization – either SIGRed or another worm. Don’t think IF, think WHEN as you plan a cybersecurity strategy, because the data shows that cyberattacks are only increasing.

Two significant ways to protect yourself include:

  • Applying all security updates to your devices quickly; this includes operating system, software, and firmware updates.
  • Having a maintenance agreement with the right IT partner can keep you protected and proactively prevent a worm infection from happening.
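One way to check your servers against the first point, as an added example that is not part of the original post: a PowerShell audit that reports whether a host runs the DNS Server role and whether Microsoft’s documented interim registry workaround for CVE-2020-1350 (capping inbound TCP DNS messages with the TcpReceivePacketSize value) is in place. The function names are this example’s own; the registry path and value are Microsoft’s, and the workaround is a stopgap, not a replacement for installing the security update.

```powershell
# Added example (not from the original post): audit a Windows Server for the
# SIGRed (CVE-2020-1350) interim mitigation. Assumes it is run in an elevated
# PowerShell session on the DNS server itself.
$regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$regName  = 'TcpReceivePacketSize'
$expected = 0xFF00   # Microsoft's documented cap for inbound TCP DNS messages

function Test-SigRedMitigation {
    # Only hosts running the DNS Server role are in scope for this check
    $dnsRole = Get-WindowsFeature -Name DNS -ErrorAction SilentlyContinue
    if (-not $dnsRole -or -not $dnsRole.Installed) {
        return [pscustomobject]@{ DnsRoleInstalled = $false; WorkaroundApplied = $false; Value = $null }
    }
    $current = (Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue).$regName
    [pscustomobject]@{
        DnsRoleInstalled  = $true
        WorkaroundApplied = ($current -eq $expected)
        Value             = $current
    }
}

function Enable-SigRedMitigation {
    # Idempotent: write the value and restart the DNS service so it takes effect
    if (-not (Test-Path $regPath)) {
        throw "DNS Parameters key not found; is the DNS Server role installed?"
    }
    Set-ItemProperty -Path $regPath -Name $regName -Value $expected -Type DWord
    Restart-Service -Name DNS
}

$status = Test-SigRedMitigation
$status | Format-List
if ($status.DnsRoleInstalled -and -not $status.WorkaroundApplied) {
    Write-Warning "DNS Server role present but the SIGRed interim workaround is not applied; install the security update for CVE-2020-1350 or run Enable-SigRedMitigation."
}
```

Run the audit across your fleet before and after patching so the report shows which DNS servers still rely on the workaround alone.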

Ensure You’re Protected from SIGRed & Other Vulnerabilities

Skyline Business Technology can help your Wabash area business ensure your devices are “immunized” and protected from the next big worms coming your way.

Contact us today to schedule a consultation. Call 260-225-3133 or reach us online.