Server-Side Exploits Dominate Threat Landscape and OT Vulnerabilities Rise 120 Percent Says Skybox Security's Inaugural Vulnerability and Threat Trends Report
Analysis of 2017 threat landscape trends shows that assets most difficult to patch are increasingly vulnerable
SAN JOSE, Calif., Feb. 07, 2018 (GLOBE NEWSWIRE) -- Skybox(TM) Security, a global leader in cybersecurity management, announced today the release of its inaugural Vulnerability and Threat Trends Report, which analyzes vulnerabilities, exploits and threats in play in 2017. The report, compiled by the team of research analysts at the Skybox Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.
A trend observed over the last several years has seen threat actors turn cybercrime into a money-making machine. An integral part of this approach is taking the path of least resistance: leveraging existing attack tools rather than developing new ones, using the same attack on as many victims as possible and targeting "low-hanging fruit." The report's findings shed light on how those "fruits" have changed to include the assets that are generally more difficult to patch.
During 2017, the vast majority of exploits affected server-side applications (76 percent), up 17 points since 2016. Skybox Security Chief Technology Officer Ron Davidson points out that dealing with server-side vulnerabilities is always more difficult because the higher-value assets require more consideration than simply whether a patch is available. "As more functions rely on servers than on clients," he explains, "organizations need to have the means to understand these server-side vulnerabilities in context - of the asset criticality, the surrounding topology and security controls, and the exploit activity in the wild. Only then can they accurately decide the optimal patching priority and schedule."
The increase in server-side exploits corresponds with the continued decline in the use of exploit kits relying on client-side vulnerabilities, which accounted for only a quarter of exploits in the wild that year. This is due in part to the demise of major exploit kit players like Angler, Neutrino and Nuclear, with no comparable frontrunner rising to replace them.
"This does not mean, however, exploit kits are gone," said Marina Kidron, senior security analyst and group leader of the Skybox Research Lab. "If there's one thing we know about cybercriminals, it's that they're constantly changing tactics, and so the next 'exploit kit giant' is very likely in development as we speak. We also suspect that some kits have 'gone private,' and are used exclusively by their developers in hopes of prolonging their viability."
Instances of newly-published sample exploit code have also increased, with the monthly average jumping 60 percent in 2017. With minimal adjustments - or none at all - attackers can turn these samples into fully functioning exploits for their own use. This scenario was the case with the NSA EternalBlue exploit leaked by The Shadow Brokers and used in the WannaCry and NotPetya attacks, among others. Such leaks are putting advanced attack tools in the hands of lower-skilled cyberattackers, enhancing the capabilities of an already well-outfitted threat landscape.
"Organizations need to stay up to speed with not only active exploits in the wild," said Kidron, "but also factor in vulnerabilities with available exploit code to their prioritization processes. While the latter set doesn't represent an imminent threat, they can make the jump to active exploitation very quickly - security teams need actionable intelligence at-the-ready when they do."
The report also shows that in 2017 there was a 120-percent increase in new vulnerabilities specific to operational technology (OT) compared to the previous year. OT includes monitoring and control devices common in critical infrastructure organizations such as energy producers, utilities and manufacturers, among others. This spike is particularly concerning because many organizations have poor or non-existent visibility of the OT network, especially when it comes to vulnerabilities, as active scanning is generally prohibited.
"OT is too often in the dark, and that means security management isn't getting the full picture of cyber risk in their organization," said Kidron. "Even when patchable vulnerabilities are identified, OT engineers are understandably hesitant to install the update, as it could disrupt services, cause equipment damage or even risk life and limb. Organizations with OT networks need to have strategies in place not just for OT vulnerability assessment and patching prioritization, but also to unify such processes with those in the IT network to truly understand and manage risk."
Overall, new vulnerabilities catalogued by MITRE's National Vulnerability Database doubled in 2017. The jump was largely due to organizational improvements at MITRE and increased security research by vendors and third-parties, including vendor-sponsored bug bounty programs. The result is more than 14,000 newly assigned CVEs. Whatever the reason, it introduced yet more challenges to the teams responsible for managing vulnerabilities. "In 2017, if you were still relying on traditional prioritization methods like CVSS scores only, your laundry list just got longer," said Davidson. "In the year ahead, we may well see an even higher figure. Organizations have got to take a drastically different approach to vulnerability management."
Skybox recommends establishing a threat-centric vulnerability management (TCVM) program to adapt to these changes in the threat landscape and those yet to come. The TCVM approach helps security practitioners focus on the small subset of vulnerabilities most likely to be used in an attack by analyzing them from the interconnected perspectives of the business, network and threats in play.
About Skybox Research Lab
The Skybox(TM) Research Lab is a team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. The Research Lab validates and enhances data through automated as well as manual analysis, with analysts adding their knowledge of attack trends, cyber events and TTPs of today's attackers. Their ongoing investigations determine which vulnerabilities are being exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and other attacks exploiting client- and server-side vulnerabilities.
For more information on the methodology behind the Skybox Research Lab and to keep up with the latest vulnerability and threat intelligence, visit www.vulnerabilitycenter.com.
About Skybox Security
Skybox provides the industry's broadest cybersecurity management platform, delivering comprehensive attack surface visibility. Skybox delivers the context needed to quickly identify and fix vulnerabilities and security weaknesses within large, complex networks - including physical, virtual, multi-cloud and OT environments. The Skybox(TM) Security Suite integrates with more than 120 networking and security technologies to give insight on how to improve efficiency and effectiveness of vulnerability and threat management and firewall and security policy management.
© 2018 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.
Director of Brand and Communications
408-205-1618 | Tawnya.email@example.com
OneChocolate for Skybox Security
North America: Brian Blank
1-415-606-8381 | firstname.lastname@example.org
United Kingdom: Daniel Couzens
+44 (0)20 7437 0227 | DanielC@onechocolatecomms.co.uk
Germany: Melanie Grasser
+49 (0)89 3888 920 10 | MelanieG@onechocolatecomms.de
France: Xavier Delhôme
+33 1 41 31 75 09 | email@example.com
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Skybox Security via Globenewswire