Last May, our security team counted 790 cases and 36 different categories of vulnerabilities reported by our Belnet Threat Intelligence service across all the organisations connected to our network.
Belnet Threat Intelligence was launched in February 2021 and proactively provides information about potential vulnerabilities in the information systems of all the organisations connected to Belnet. This free, automatic service informs you, for example, of your possible botnet infections. It sends you warnings when your LDAP server, Telnet server or Microsoft SQL server are publicly accessible. It also issues notifications about a potentially vulnerable version of your Network Time Protocol (NTP) server. In short, 36 different categories were listed last month out of a total of 790 vulnerabilities.
Five very common vulnerabilities
Our Security team has provided us with some figures to make you more aware of the potential risks associated with cybercrime. Here are the five most common vulnerabilities detected by Belnet Threat Intelligence this past month:
-
FTP server publicly accessible
32.28% of the vulnerabilities found last month concerned the accessibility of your FTP server. This is currently the most common vulnerability, with 255 reported cases. The FTP server is automatically recognised as vulnerable by Belnet Threat Intelligence when access is public.
To limit the risks of the leakage or corruption of your data, we strongly recommend that you secure your FTP server, for example by placing it behind a VPN. If the latter has to remain public, it is important to keep it up to date.
-
The Poodle vulnerability via SSL
Poodle on the SSL protocol is a very common vulnerability, accounting for 15.95% (126 cases reported) of the vulnerabilities detected by Belnet Threat Intelligence. To proactively guard against this problem and man-in-the-middle (MITM) attacks, we recommend that you migrate to the TLS protocol.
-
The use of Open-TFTP
The TFTP protocol for quickly downloading one or more configuration files from one point to another. This protocol is most at risk when using the Open-TFTP application. 71 cases were reported, representing 8.99% of the vulnerabilities identified by Belnet Threat Intelligence.
There is a high risk that these files will be intercepted by an attacker if your servers are public. We therefore recommend that you use a VPN, as with the FTP server.
-
The use of Open-Portmapper
Portmapper, also known as Remote Procedure Call Bind (RPCBind), is a mechanism for assigning Internet address ports to a programme running on a remote computer. For example, NFS uses Portmapper for file sharing. This usage is recognised as a vulnerability that allows cybercriminals to access data on your PC or use your DOS to go to other websites.
60 such vulnerabilities have been identified by Belnet Threat Intelligence, representing 7.59% of cases.
-
NTP failures
The clock synchronisation protocol on the Internet is not infallible. This fifth vulnerability has been listed 34 times and represents 4.30% of vulnerabilities. NTP servers can be used, for example, for DDoS attack amplifications and are more of a threat to your network than to your end users.
Learn more about Belnet Threat Intelligence
If your organisation is connected to the Belnet network, you already receive Belnet Threat Intelligence automatically and at no extra cost. You receive notifications about a threat or vulnerability in your information systems.
Do you have questions about Belnet Threat Intelligence, or need more technical information on how to use it?