Closing the Gap Between Exposed and Exploited

October 24, 2023 | 2 min read

Brendan Conlon

COO of Supply Chain Defense


How organizations can quickly identify new zero-day vulnerabilities, like Cisco's, in the race against threat actors who actively exploit them

Cisco disclosed a zero-day vulnerability with a maximum severity rating on October 16, along with evidence that the vulnerability was already being actively exploited. BlueVoyant closely monitors incidents like this for our clients. When vulnerabilities like this are announced, cybercriminals exploit them sooner than ever, which creates a race to close the exposure before your internal environment and extended supply chain can be compromised.

Within hours of the disclosure, BlueVoyant’s threat intelligence identified that 50% of companies under observation had one or more third parties impacted by this vulnerability. BlueVoyant also notified its clients on which vendors and specific assets were already compromised by bad actors.

How BlueVoyant SCD Responded

BlueVoyant Supply Chain Defense (SCD) rapidly identifies instances of emerging vulnerabilities across an organization’s entire third-party attack surface, and with the support of expert analysts in our Risk Operations Center (ROC), collaborates directly with supply chain vendors to ensure mitigations have taken place.

At the time of notification for the Cisco zero-day, there was no patch available. However, BlueVoyant still encouraged customers and their impacted vendors to follow Cisco’s advisory and disable the HTTP Server feature on all internet-facing systems.
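For readers who administer the affected devices, the following is an added illustration of what that interim mitigation looks like in Cisco IOS XE configuration; it is not part of the original post and not BlueVoyant's own guidance. It assumes the "HTTP Server feature" named in the advisory corresponds to the `ip http server` and `ip http secure-server` settings, and that the device is managed over SSH rather than the web UI.

```cisco
! Added example (not from the original post): disable the HTTP server feature
! on an internet-facing IOS XE device as an interim mitigation while no patch exists.
configure terminal
 ! Turn off both the plaintext and TLS web interfaces.
 no ip http server
 no ip http secure-server
end
! Persist the change across reboots.
write memory

! Verification: neither "ip http server" nor "ip http secure-server" should
! appear enabled in the running configuration after the change.
show running-config | include ip http
```

Disabling the HTTP server also disables any service that depends on it (the web UI and any tooling that manages the device through it), so confirm that management and monitoring paths still work after the change, and treat this as a stopgap to be replaced by the vendor fix once it ships.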

To identify the extent of our clients' supply chain cyber risk exposure, we used our own external method of directly assessing the vulnerable infrastructure to determine whether it had been compromised. Once we had gathered the details needed to reach the level of accuracy we require, ROC analysts immediately began messaging clients about the compromise, how to mitigate the vulnerability, and subsequent follow-up actions, such as changing passwords for credentials that were likely to have been exposed.

Moving Forward

BlueVoyant analysis consistently confirms threat actors are exploiting zero-day vulnerabilities faster than ever before. Pinpointing each affected asset across your vendor ecosystem within hours of becoming aware of the vulnerability greatly reduces the chance of a targeted system being exploited—and reduces the potential impact a vendor might have on your operations.

However, the delay in an available software fix for the Cisco vulnerability means that we are likely to feel the follow-on impact of this attack in the months and years to come.

A recent CISA report on the top exploited vulnerabilities of 2022 highlights the danger of going unpatched. More than half of the top routinely exploited vulnerabilities originated in the prior year or older.

As new zero-day vulnerabilities continue to make headlines, it is important to note their connection to older software versions that already carry other known CVEs. Organizations that act to mitigate immediately can avoid being exposed to additional vulnerabilities affecting the same or older software versions.

Organizations that want to minimize damage between the time critical vendor or supplier assets are exposed and potentially exploited need to invest in continuous monitoring of their extended supply chain ecosystem. BlueVoyant SCD closes the gap with rapid identification of an organization’s total cyber risk exposure and continuous monitoring for new and emerging threats.
