This week, security researchers revealed evidence of a new flaw, LogJam, which could allow hackers to weaken encrypted connections between a user and a web or email server. The vulnerability was discovered as part of investigations into the FREAK flaw, found earlier in the year. LogJam takes advantage of software using 512-bit encryption keys and allows a hacker to trick a web server into thinking it is using a stronger encryption key than it is. Any organization that patched the FREAK flaw will not be vulnerable to LogJam, and to take advantage of the vulnerability, the hacker needs to be on the same network as the victim.
Currently it feels like a day doesn’t go by without an organization being hacked, or a new security vulnerability being revealed. Over the last year or so we’ve seen a few serious flaws exposed and it’s likely we’ll see many more as the internet gets older and hackers get better at finding and exploiting cracks that have appeared. However, some threats are more serious than others and, while it pays to make people aware of all of them, we need to try to avoid causing mass hysteria each time one emerges.
The fact that LogJam can only be exploited when hackers and targets are on the same network, as well as patches being imminent, means that hype around it is likely to be a bit of a storm in a teacup. Organizations should, however, use flaws like this as an excuse to give themselves a security health-check. While the fact that someone has to be on the same network to take advantage of the flaw may see many breathe a sigh of relief, they do have to ask themselves one question – would we know if someone were on our network and taking advantage? With an increase in remote working, as well as a few high-profile breaches perpetrated by a malicious insider, no one should be resting on their laurels quite yet. We’ve seen countless cyber hacks take months, or even years in some cases, to be identified and remediated, so everyone should really be double-checking they’re clean.
No business is safe today and trying to prevent attacks is becoming almost pointless. If a hacker wants to get in badly enough, they’ll happily spend some time bypassing even the best firewalls and intrusion detection systems. Given this, organizations need to shift their focus from trying to stop them getting in, to making sure that, when they do, they can get them out as quickly as possible. Businesses now need to have the necessary security intelligence in place, to enable them to detect and respond to threats in hours and minutes – rather than months and days – to be sure they can limit any damage. With flaws like LogJam being identified with increasing frequency, the only real way to know you’re safe is to know you can stop an attack in its tracks as soon as it gets going.