Server-Side Exploits Dominate Threat Landscape and OT Vulnerabilities Rise 120 Percent Says Skybox Security's Inaugural Vulnerability and Threat Trends Report
Analysis of 2017 threat landscape trends shows that assets most difficult to patch are increasingly vulnerable
SAN JOSE, Calif., Feb. 07, 2018 (GLOBE NEWSWIRE) -- Skybox(TM) Security, a global leader in cybersecurity management, announced today the release of its inaugural Vulnerability and Threat Trends Report, which analyzes vulnerabilities, exploits and threats in play in 2017. The report, compiled by the team of research analysts at the Skybox Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.
A trend observed for the last several years has seen threat actors turn cybercrime into a money-making machine. An integral part of this approach means taking the path of least resistance: leveraging existing attack tools rather than developing new ones, using the same attack on as many victims as possible and targeting "low-hanging fruit." Findings of the report shed light on how those "fruits" have changed to include the assets that are generally more difficult to patch.
During 2017, the vast majority of exploits affected server-side applications (76 percent), up 17 points since 2016. Skybox Security Chief Technology Officer Ron Davidson points out that dealing with server-side vulnerabilities is always more difficult because the higher-value assets require more consideration than simply whether a patch is available. "As more functions rely on servers than on clients," he explains, "organizations need to have the means to understand these server-side vulnerabilities in context - of the asset criticality, the surrounding topology and security controls, and the exploit activity in the wild. Only then can they accurately decide the optimal patching priority and schedule."
The increase in server-side exploits corresponds with the continued decline in the use of exploit kits relying on client-side vulnerabilities, which accounted for only a quarter of exploits in the wild that year. This is due in part to the demise of major exploit kit players like Angler, Neutrino and Nuclear, with no comparable frontrunner rising to replace them.
"This does not mean, however, exploit kits are gone," said Marina Kidron, senior security analyst and group leader of the Skybox Research Lab. "If there's one thing we know about cybercriminals, it's that they're constantly changing tactics, and so the next 'exploit kit giant' is very likely in development as we speak. We also suspect that some kits have 'gone private,' and are used exclusively by their developers in hopes of prolonging their viability."
Instances of newly-published sample exploit code have also increased, with the monthly average jumping 60 percent in 2017. With minimal adjustments - or none at all - attackers can turn these samples into fully functioning exploits for their own use. This scenario was the case with the NSA EternalBlue exploit leaked by The Shadow Brokers and used in the WannaCry and NotPetya attacks, among others. Such leaks are putting advanced attack tools in the hands of lower-skilled cyberattackers, enhancing the capabilities of an already well-outfitted threat landscape.
"Organizations need to stay up to speed with not only active exploits in the wild," said Kidron, "but also factor in vulnerabilities with available exploit code to their prioritization processes. While the latter set doesn't represent an imminent threat, they can make the jump to active exploitation very quickly - security teams need actionable intelligence at-the-ready when they do."
The report also shows that in 2017 there was a 120-percent increase in new vulnerabilities specific to operational technology (OT) compared to the previous year (OT includes monitoring and control devices common in critical infrastructure organizations such as energy producers, utilities and manufacturers, among others). This spike is particularly concerning as many organizations have poor or non-existent visibility of the OT network, especially when it comes to vulnerabilities as active scanning is generally prohibited.
"OT is too often in the dark, and that means security management isn't getting the full picture of cyber risk in their organization," said Kidron. "Even when patchable vulnerabilities are identified, OT engineers are understandably hesitant to install the update, as it could disrupt services, cause equipment damage or even risk life and limb. Organizations with OT networks need to have strategies in place not just for OT vulnerability assessment and patching prioritization, but also to unify such processes with those in the IT network to truly understand and manage risk."
Overall, new vulnerabilities catalogued by MITRE's National Vulnerability Database doubled in 2017. The jump was largely due to organizational improvements at MITRE and increased security research by vendors and third-parties, including vendor-sponsored bug bounty programs. The result is more than 14,000 newly assigned CVEs. Whatever the reason, it introduced yet more challenges to the teams responsible for managing vulnerabilities. "In 2017, if you were still relying on traditional prioritization methods like CVSS scores only, your laundry list just got longer," said Davidson. "In the year ahead, we may well see an even higher figure. Organizations have got to take a drastically different approach to vulnerability management."
Skybox recommends establishing a threat-centric vulnerability management (TCVM) program to adapt to these changes in the threat landscape and those yet to come. The TCVM approach helps security practitioners focus on the small subset of vulnerabilities most likely to be used in an attack by analyzing them from the interconnected perspectives of the business, network and threats in play.
About Skybox Research Lab
The Skybox(TM) Research Lab is a team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. The Research Lab validates and enhances data through automated as well as manual analysis, with analysts adding their knowledge of attack trends, cyber events and TTPs of today's attackers. Their ongoing investigations determine which vulnerabilities are being exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and other attacks exploiting client- and server-side vulnerabilities.
For more information on the methodology behind the Skybox Research Lab and to keep up with the latest vulnerability and threat intelligence, visit www.vulnerabilitycenter.com.
About Skybox Security
Skybox provides the industry's broadest cybersecurity management platform, delivering comprehensive attack surface visibility. Skybox delivers the context needed to quickly identify and fix vulnerabilities and security weaknesses within large, complex networks - including physical, virtual, multi-cloud and OT environments. The Skybox(TM) Security Suite integrates with more than 120 networking and security technologies to give insight on how to improve efficiency and effectiveness of vulnerability and threat management and firewall and security policy management.
© 2018 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.
Director of Brand and Communications
408-205-1618 | Tawnya.firstname.lastname@example.org
OneChocolate for Skybox Security
North America: Brian Blank
1-415-606-8381 | email@example.com
United Kingdom: Daniel Couzens
+44 (0)20 7437 0227 | DanielC@onechocolatecomms.co.uk
Germany: Melanie Grasser
+49 (0)89 3888 920 10 | MelanieG@onechocolatecomms.de
France: Xavier Delhôme
+33 1 41 31 75 09 | firstname.lastname@example.org
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Skybox Security via Globenewswire