We often believe that this does not affect us, that only large companies are targeted, but this is not the case, and it is not always up to us to be vigilant. The internet is no different from the street: you are out and about, there is a lot of traffic, and some people are not paying attention, and before you know it, it has happened. Businesses in particular want to have a lot of traffic on their websites or social media platforms in order to generate more business. To achieve this, they use all the possibilities offered by search engine optimisation (SEO) and advertising measures of all kinds to maintain their reach and visibility in the vastness of the internet. But it’s not just customers who find the business, it’s also criminals who want to take money from you or your employees using various technical methods or simply by being persuasive.
Cyber insurance not only helps to compensate for the resulting damage and business interruption and to restore data and systems, among other things. Good cyber insurance ensures that domains are checked for vulnerabilities, for example, as soon as the application is submitted, and offers help to better protect the business against cyber attacks.
Sicher Sicher Cyber insurance offers these and other assistance services and, in the event of damage, real professionals are on hand around the clock.
Get an offer for cyber insurance
What are vulnerabilities and what should you check?
Why does Sicher Sicher Cyber search for open ports and vulnerabilities?
Does Sicher Sicher Cyber monitor all open ports?
What are vulnerabilities and what should you check? Here are a few points for a better understanding.
What is a port?
Computer applications and services typically communicate via numbered ports (there are 65,535 ports in total). Each port number refers to a specific application or service that enables computers to distinguish between the different types of traffic that can run over a single network connection. For example, web traffic is usually handled via port 80, and emails that use the IMAP (Internet Message Access Protocol) protocol use port 993. Microsoft’s RDP (Remote Desktop Protocol) uses port 3389.
What is an open port?
An open port is a port that is configured to accept packets. For an open port to be visible on the Internet (to Beazley or others), a company’s firewall must be configured to allow connections from the public Internet through that open port.
Why does Sicher Sicher Cyber search for open ports and vulnerabilities?
Many cyber attackers regularly and automatically scan the entire Internet for computers with open ports and check whether a service (e.g. email, web, FTP, remote access) is listening on that port or not. If a company exposes certain services or ports to the Internet, attackers repeatedly query that port and attempt to exploit potential vulnerabilities in the services or software products they find. These vulnerabilities may give them access to the network behind the unprotected port, allowing them to carry out further malicious activities.
What is a IT vulnerability?
A vulnerability is a security gap or error in computer software that could allow an attacker to use the software in a way that was not intended by the manufacturer and is usually malicious, in order to perform unauthorised actions on a computer system. When vulnerabilities are discovered, they are typically added to a public CVE (Common Vulnerabilities and Exposures) list and assigned a CVE ID or number (in the format CVE-2021-12345).
What does Sicher Sicher Cyber do with my infrastructure?
Sicher Sicher does not scan your infrastructure. Beazley uses various tried-and-tested public services (e.g. Censys and Shodan) that track information on services exposed to the public internet and match this data with the IP ranges that Sicher Sicher Cyber considers relevant to the insured’s infrastructure.
Does Sicher Sicher Cyber monitor all open ports?
Sicher Sicher does not monitor all 65,535 ports or all services accessible to the public internet. Sicher Sicher Cyber focuses on ports or services that enable remote access to an environment, such as Virtual Network Computing (VNC) on port 5900 and Microsoft’s Remote Desktop Protocol (RDP) on port 3389. Sicher Sicher also monitors services that are legitimate within an organisation but become dangerous when exposed to the public internet, such as the Samba/SMB protocol (usually found on ports 139 and 445).
Cyber Risks Examples:
What are the risks with Remote Desktop Protocol (RDP)
Remote Desktop Protocol (RDP) is a system developed by Microsoft that provides users with a graphical interface that allows them to connect to another computer via a network connection. An RDP service that is immediately visible and accessible from the Internet can make a company extremely vulnerable to cyber attacks.
Remote Procedure Call (RPC)
In a remote procedure call (RPC), a computer program causes a program on another computer to execute. Certain RPC services that are directly visible and accessible from the Internet make a company very vulnerable to cyber attacks.
The Risk using Windows PowerShell
Windows PowerShell is an automation, administration and management tool developed by Microsoft. It can provide highly privileged access to certain systems. Windows PowerShell services that are directly visible and accessible from the Internet can make a company vulnerable to cyber attack
Access services for developers – entry for cyber attacks
Access services for developers enable a direct connection to the computer systems you use to conduct your business operations. The use of software that is no longer up to date or has a known vulnerability makes these services open to attacks and service outages. Newly discovered software vulnerabilities are publicly disclosed as a warning to all users of the vulnerable products and as part of the solution process for software developers. Unfortunately, attackers also share tools and methods that can be used to exploit these vulnerabilities as soon as they become public knowledge.
Cyber Attack Entry gate -Virtual Network Computing (VNC)
Virtual Network Computing (VNC) is a system that allows a user to control another computer remotely. A VNC service that is immediately visible and accessible from the Internet can make a company a gateway for cyber attacks.
Samba or Server Message Block (SMB) – Cyber Risk dance
Samba or Server Message Block (SMB) is a communication method that enables shared access to files on a network. Under certain circumstances, Samba services that are immediately visible and accessible from the Internet make a company vulnerable to cyber attacks.
Cyber attack risks via TeamViewer
TeamViewer is a proprietary software application that supports remote control of computers. TeamViewer services that are immediately visible and accessible from the Internet can make a company vulnerable to cyber attacks.
Cyber Risks based on Windows Server 2008
Windows Server 2008 reached the end of its life cycle on 14 January 2020. This means that this operating system is no longer supported by the manufacturer and that any newly discovered security vulnerabilities will no longer be fixed and can be exploited by hackers. Continuing to operate this server without product support after this date leaves a company open to attacks and service outages.
Exposed database – a few cyber risks at one time
A database should not use a port that is directly visible and accessible from the internet. Open access allows attackers to easily access the system to control assets, steal data or install ransomware. This could lead to a breach of sensitive information security.
For more information regarding cyber security, check out the Irish National Cyber Security Centre (NCSC) website. Also don’t miss to check your liabilities and see how you can protect them on our Professional and corporate Liability insurance page.