Server-Side Exploits Dominate Threat Landscape and OT Vulnerabilities Rise 120 Percent Says Skybox Security's Inaugural Vulnerability and Threat Trends Report
Analysis of 2017 threat landscape trends shows that assets most difficult to patch are increasingly vulnerable
SAN JOSE, Calif., Feb. 07, 2018 (GLOBE NEWSWIRE) -- Skybox(TM) Security, a global leader in cybersecurity management, announced today the release of its inaugural Vulnerability and Threat Trends Report, which analyzes vulnerabilities, exploits and threats in play in 2017. The report, compiled by the team of research analysts at the Skybox Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.
A trend observed for the last several years has seen threat actors turn cybercrime into a money-making machine. An integral part of this approach is taking the path of least resistance: leveraging existing attack tools rather than developing new ones, using the same attack on as many victims as possible and targeting "low-hanging fruit." Findings of the report shed light on how those "fruits" have changed to include the assets that are generally more difficult to patch.
During 2017, the vast majority of exploits affected server-side applications (76 percent), up 17 points since 2016. Skybox Security Chief Technology Officer Ron Davidson points out that dealing with server-side vulnerabilities is always more difficult because the higher-value assets require more consideration than simply whether a patch is available. "As more functions rely on servers than on clients," he explains, "organizations need to have the means to understand these server-side vulnerabilities in context - of the asset criticality, the surrounding topology and security controls, and the exploit activity in the wild. Only then can they accurately decide the optimal patching priority and schedule."
The increase in server-side exploits corresponds with the continued decline in the use of exploit kits relying on client-side vulnerabilities, which accounted for only a quarter of exploits in the wild that year. This is due in part to the demise of major exploit kit players like Angler, Neutrino and Nuclear, with no comparable frontrunner rising to replace them.
"This does not mean, however, exploit kits are gone," said Marina Kidron, senior security analyst and group leader of the Skybox Research Lab. "If there's one thing we know about cybercriminals, it's that they're constantly changing tactics, and so the next 'exploit kit giant' is very likely in development as we speak. We also suspect that some kits have 'gone private,' and are used exclusively by their developers in hopes of prolonging their viability."
Instances of newly-published sample exploit code have also increased, with the monthly average jumping 60 percent in 2017. With minimal adjustments - or none at all - attackers can turn these samples into fully functioning exploits for their own use. This scenario was the case with the NSA EternalBlue exploit leaked by The Shadow Brokers and used in the WannaCry and NotPetya attacks, among others. Such leaks are putting advanced attack tools in the hands of lower-skilled cyberattackers, enhancing the capabilities of an already well-outfitted threat landscape.
"Organizations need to stay up to speed with not only active exploits in the wild," said Kidron, "but also factor in vulnerabilities with available exploit code to their prioritization processes. While the latter set doesn't represent an imminent threat, they can make the jump to active exploitation very quickly - security teams need actionable intelligence at-the-ready when they do."
The report also shows that in 2017 there was a 120-percent increase in new vulnerabilities specific to operational technology (OT) compared to the previous year. OT includes monitoring and control devices common in critical infrastructure organizations such as energy producers, utilities and manufacturers, among others. This spike is particularly concerning because many organizations have poor or non-existent visibility of the OT network, especially when it comes to vulnerabilities, as active scanning is generally prohibited.
"OT is too often in the dark, and that means security management isn't getting the full picture of cyber risk in their organization," said Kidron. "Even when patchable vulnerabilities are identified, OT engineers are understandably hesitant to install the update, as it could disrupt services, cause equipment damage or even risk life and limb. Organizations with OT networks need to have strategies in place not just for OT vulnerability assessment and patching prioritization, but also to unify such processes with those in the IT network to truly understand and manage risk."
Overall, new vulnerabilities catalogued by MITRE's National Vulnerability Database doubled in 2017. The jump was largely due to organizational improvements at MITRE and increased security research by vendors and third-parties, including vendor-sponsored bug bounty programs. The result is more than 14,000 newly assigned CVEs. Whatever the reason, it introduced yet more challenges to the teams responsible for managing vulnerabilities. "In 2017, if you were still relying on traditional prioritization methods like CVSS scores only, your laundry list just got longer," said Davidson. "In the year ahead, we may well see an even higher figure. Organizations have got to take a drastically different approach to vulnerability management."
Skybox recommends establishing a threat-centric vulnerability management (TCVM) program to adapt to these changes in the threat landscape and those yet to come. The TCVM approach helps security practitioners focus on the small subset of vulnerabilities most likely to be used in an attack by analyzing them from the interconnected perspectives of the business, network and threats in play.
About Skybox Research Lab
The Skybox(TM) Research Lab is a team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. The Research Lab validates and enhances data through automated as well as manual analysis, with analysts adding their knowledge of attack trends, cyber events and TTPs of today's attackers. Their ongoing investigations determine which vulnerabilities are being exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and other attacks exploiting client- and server-side vulnerabilities.
For more information on the methodology behind the Skybox Research Lab and to keep up with the latest vulnerability and threat intelligence, visit www.vulnerabilitycenter.com.
About Skybox Security
Skybox provides the industry's broadest cybersecurity management platform, delivering comprehensive attack surface visibility. Skybox delivers the context needed to quickly identify and fix vulnerabilities and security weaknesses within large, complex networks - including physical, virtual, multi-cloud and OT environments. The Skybox(TM) Security Suite integrates with more than 120 networking and security technologies to give insight on how to improve efficiency and effectiveness of vulnerability and threat management and firewall and security policy management.
© 2018 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.
Director of Brand and Communications
408-205-1618 | Tawnya.email@example.com
OneChocolate for Skybox Security
North America: Brian Blank
1-415-606-8381 | firstname.lastname@example.org
United Kingdom: Daniel Couzens
+44 (0)20 7437 0227 | DanielC@onechocolatecomms.co.uk
Germany: Melanie Grasser
+49 (0)89 3888 920 10 | MelanieG@onechocolatecomms.de
France: Xavier Delhôme
+33 1 41 31 75 09 | email@example.com
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Skybox Security via Globenewswire