This article was last updated on February 12, 2024
Table of Contents
Fathom the Menace: Numerous Vulnerable Computer Systems Globally Exposed
A frightening number of computer systems across the globe and a considerable portion of those in the Netherlands are perilously defenceless to cyberattacks from hackers and intelligence agencies. This startling revelation emerges from a detailed investigation conducted by the NOS. The most alarming detail here is that these systems, which are openly exposed to the risks of cyberspace, remain so even when preventative measures are readily available. “In this digital age, there’s a terrifyingly large number of susceptible systems accessible online. Shockingly, these systems could be secured easily, but they are not,” reveals Frank Breedijk, a cybersecurity expert at Dutch Institute for Vulnerability Disclosure. These vulnerabilities can affect various equipment ranging from business network security systems to servers for hosting websites and emails. Unfortunately, this wave of susceptibility even extends to everyday consumers who, for example, have connected a storage system to the Internet. Security breaches can be exploited by cybercriminals to instigate ransomware attacks, apart from intelligence agencies using them for espionage. This was highlighted recently when the Dutch Military Intelligence and Security Service reported a breach in a defence system by Chinese intelligence operatives that exploited outdated software.
Potential Loopholes: Known Vulnerabilities and Active Exploits
The adverse implications of such vulnerabilities are considerable. Take, for instance, a known flaw in Microsoft’s file sharing system patched in 2020. Despite this patch, more than 200,000 systems around the world, including 3,000 in the Netherlands, are still susceptible to it. Notably, this flaw has often been exploited in ransomware attacks, where unauthorized users break into and commandeer systems. Additionally, a similar vulnerability in a popular email server software, patched in 2018 but actively exploited since 2021, is present in almost 45,000 systems globally, including 3,000 in the Netherlands.
The Master Spiel: Decoding the Moves of Cyber Attackers
The infamous BlueKeep vulnerability, which had cyber experts on high alert throughout 2019, remains on more than 55,000 servers globally and over 350 in the Netherlands. There are also instances of vulnerabilities in numerous Microsoft Exchange email software systems. The aforementioned figures provide an estimate – they may not be entirely reliable as certain systems may have been patched, but their status cannot be verified remotely. Moreover, some ethical hackers intentionally impersonate vulnerable systems to monitor and analyze the operations of potential attackers. These weaknesses are highly coveted by cybercriminals. They represent easy opportunities to infiltrate systems. Underground online forums regularly exchange lists of vulnerable computer systems, sometimes for a fee, putting these systems at greater risk of cyberattacks. Despite these threats, Matthijs Koot, an ethical hacker, emphasizes that the situation in the Netherlands is comparatively controlled. However, he adds, “A company could harbor a vulnerable system that has a significant amount of Dutch personal data, both in the Netherlands and abroad. These data often become the targets of ransomware attacks”.
The Noble Pursuit: Identification and Mitigation of Cyber Vulnerabilities
Over four years ago, a group of Dutch hackers joined forces to conduct an organized search for insecure internet-connected devices. This became the backbone for the Dutch Institute for Vulnerability Disclosure (DIVD). Their relentless pursuit of identifying and alerting owners about vulnerabilities in their computer systems is an ongoing initiative. Despite these efforts, there is no significant improvement in the scenario; businesses and organizations are not installing their updates faster. Sometimes issues are resolved swiftly, but they are often negated by new vulnerabilities.
The Hidden Vulnerability: Unnoticed Routers
Addressing these vulnerabilities is no easy task. In many large organizations, certain computer systems exist that are unknown to even the employees, making them soft targets for attackers. Ensuring cyber security is not just a corporate responsibility, but users must also be vigilant. Cybercriminals are adept at exploiting vulnerable devices connected to personal internet networks. Hence, the need to secure every system cannot be stressed enough, whether it’s a giant multinational or an average household. The need of the hour is vigilance in this continuous struggle against escalating cyber threats.