A NEW MAJOR THREAT
EPIC’s cyber practice has been watching significant developments on system vulnerabilities.
A recent vulnerability, SIGRed’ (CVE-2020-1350), has been categorized as a 10 out of 10 on the Common Vulnerability Scoring System (CVSS). This vulnerability allows for malicious actions to propagate across an impacted network. The result is that any information which is traveling through an infiltrated network can be intercepted and read. Other examples of 10 out of 10 vulnerabilities are WannaCry and NotPetya. The Department of Homeland Security issued an emergency directive for all government servers to be updated within 24 hours of the notice which was issued July 16th.
WHAT IS DNS?
DNS, or Domain Name System, functions as an internet directory which translates domain names to numerical IP addresses.
HOW WOULD IT AFFECT YOU?
Once SIGRed enters a system it is “wormable”, which means it is capable of maneuvering a network without human intervention. If successful, the hacker is granted Domain Administrator rights, and can infiltrate the entire corporate infrastructure. As a result, all organizational data (PII included) would be compromised.
WHAT CAN YOU DO NOW TO KEEP YOUR SYSTEM SAFE?
Although Microsoft has not identified ways to mitigate this risk, they offer patches which are available online. If your organization use Windows DNS Server versions 2003-2019, patch your system as soon as possible. If you are unable to use the patch, Windows also offers a registry modification as a workaround.
This material does not amend, or otherwise affect, the provisions or coverages of any insurance policy or bond procured by EPIC. It is not a representation that coverage does or does not exist for any particular claim or loss under any such policy or bond. Coverage depends on the facts and circumstances involved in the claim or loss, all applicable policy or bond provisions, and any applicable law. Availability of coverage referenced in this document can depend on underwriting qualifications and state regulations.