Server-Side Exploits Dominate Threat Landscape and OT Vulnerabilities Rise 120 Percent Says Skybox Security's Inaugural Vulnerability and Threat Trends Report
Analysis of 2017 threat landscape trends shows that assets most difficult to patch are increasingly vulnerable
SAN JOSE, Calif., Feb. 07, 2018 (GLOBE NEWSWIRE) -- Skybox(TM) Security, a global leader in cybersecurity management, announced today the release of its inaugural Vulnerability and Threat Trends Report, which analyzes vulnerabilities, exploits and threats in play in 2017. The report, compiled by the team of research analysts at the Skybox Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.
A trend observed for the last several years has seen threat actors turn cybercrime into a money-making machine. An integral part of this approach means taking the path of least resistance: leveraging existing attack tools rather than developing new ones, using the same attack on as many victims as possible and targeting "low-hanging fruit." Findings of the report shed light on how those "fruits" have changed to include the assets that are generally more difficult to patch.
During 2017, the vast majority of exploits affected server-side applications (76 percent), up 17 points since 2016. Skybox Security Chief Technology Officer Ron Davidson points out that dealing with server-side vulnerabilities is always more difficult because the higher-value assets require more consideration than simply whether a patch is available. "As more functions rely on servers than on clients," he explains, "organizations need to have the means to understand these server-side vulnerabilities in context - of the asset criticality, the surrounding topology and security controls, and the exploit activity in the wild. Only then can they accurately decide the optimal patching priority and schedule."
The increase in server-side exploits corresponds with the continued decline in the use of exploit kits relying on client-side vulnerabilities, which accounted for only a quarter of exploits in the wild that year. This is due in part to the demise of major exploit kit players like Angler, Neutrino and Nuclear, with no comparable frontrunner rising to replace them.
"This does not mean, however, exploit kits are gone," said Marina Kidron, senior security analyst and group leader of the Skybox Research Lab. "If there's one thing we know about cybercriminals, it's that they're constantly changing tactics, and so the next 'exploit kit giant' is very likely in development as we speak. We also suspect that some kits have 'gone private,' and are used exclusively by their developers in hopes of prolonging their viability."
Instances of newly-published sample exploit code have also increased, with the monthly average jumping 60 percent in 2017. With minimal adjustments - or none at all - attackers can turn these samples into fully functioning exploits for their own use. This scenario was the case with the NSA EternalBlue exploit leaked by The Shadow Brokers and used in the WannaCry and NotPetya attacks, among others. Such leaks are putting advanced attack tools in the hands of lower-skilled cyberattackers, enhancing the capabilities of an already well-outfitted threat landscape.
"Organizations need to stay up to speed with not only active exploits in the wild," said Kidron, "but also factor in vulnerabilities with available exploit code to their prioritization processes. While the latter set doesn't represent an imminent threat, they can make the jump to active exploitation very quickly - security teams need actionable intelligence at-the-ready when they do."
The report also shows that in 2017 there was a 120-percent increase in new vulnerabilities specific to operational technology (OT) compared to the previous year (OT includes monitoring and control devices common in critical infrastructure organizations such as energy producers, utilities and manufacturers, among others). This spike is particularly concerning as many organizations have poor or non-existent visibility of the OT network, especially when it comes to vulnerabilities as active scanning is generally prohibited.
"OT is too often in the dark, and that means security management isn't getting the full picture of cyber risk in their organization," said Kidron. "Even when patchable vulnerabilities are identified, OT engineers are understandably hesitant to install the update, as it could disrupt services, cause equipment damage or even risk life and limb. Organizations with OT networks need to have strategies in place not just for OT vulnerability assessment and patching prioritization, but also to unify such processes with those in the IT network to truly understand and manage risk."
Overall, new vulnerabilities catalogued by MITRE's National Vulnerability Database doubled in 2017. The jump was largely due to organizational improvements at MITRE and increased security research by vendors and third parties, including vendor-sponsored bug bounty programs. The result is more than 14,000 newly assigned CVEs. Whatever the reason, it introduced yet more challenges to the teams responsible for managing vulnerabilities. "In 2017, if you were still relying on traditional prioritization methods like CVSS scores only, your laundry list just got longer," said Davidson. "In the year ahead, we may well see an even higher figure. Organizations have got to take a drastically different approach to vulnerability management."
Skybox recommends establishing a threat-centric vulnerability management (TCVM) program to adapt to these changes in the threat landscape and those yet to come. The TCVM approach helps security practitioners focus on the small subset of vulnerabilities most likely to be used in an attack by analyzing them from the interconnected perspectives of the business, network and threats in play.
About Skybox Research Lab
The Skybox(TM) Research Lab is a team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. The Research Lab validates and enhances data through automated as well as manual analysis, with analysts adding their knowledge of attack trends, cyber events and TTPs of today's attackers. Their ongoing investigations determine which vulnerabilities are being exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and other attacks exploiting client- and server-side vulnerabilities.
For more information on the methodology behind the Skybox Research Lab and to keep up with the latest vulnerability and threat intelligence, visit www.vulnerabilitycenter.com.
About Skybox Security
Skybox provides the industry's broadest cybersecurity management platform, delivering comprehensive attack surface visibility. Skybox delivers the context needed to quickly identify and fix vulnerabilities and security weaknesses within large, complex networks - including physical, virtual, multi-cloud and OT environments. The Skybox(TM) Security Suite integrates with more than 120 networking and security technologies to give insight on how to improve efficiency and effectiveness of vulnerability and threat management and firewall and security policy management.
© 2018 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.
Director of Brand and Communications
408-205-1618 | Tawnya.email@example.com
OneChocolate for Skybox Security
North America: Brian Blank
1-415-606-8381 | firstname.lastname@example.org
United Kingdom: Daniel Couzens
+44 (0)20 7437 0227 | DanielC@onechocolatecomms.co.uk
Germany: Melanie Grasser
+49 (0)89 3888 920 10 | MelanieG@onechocolatecomms.de
France: Xavier Delhôme
+33 1 41 31 75 09 | email@example.com
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Skybox Security via Globenewswire