Server-Side Exploits Dominate Threat Landscape and OT Vulnerabilities Rise 120 Percent Says Skybox Security's Inaugural Vulnerability and Threat Trends Report
Analysis of 2017 threat landscape trends shows that assets most difficult to patch are increasingly vulnerable
SAN JOSE, Calif., Feb. 07, 2018 (GLOBE NEWSWIRE) -- Skybox(TM) Security, a global leader in cybersecurity management, announced today the release of its inaugural Vulnerability and Threat Trends Report, which analyzes vulnerabilities, exploits and threats in play in 2017. The report, compiled by the team of research analysts at the Skybox Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.
A trend observed for the last several years has seen threat actors turn cybercrime into a money-making machine. An integral part of this approach means taking the path of least resistance: leveraging existing attack tools rather than developing new ones, using the same attack on as many victims as possible and targeting "low-hanging fruit." Findings of the report shed light on how those "fruits" have changed to include the assets that are generally more difficult to patch.
During 2017, the vast majority of exploits affected server-side applications (76 percent), up 17 points since 2016. Skybox Security Chief Technology Officer Ron Davidson points out that dealing with server-side vulnerabilities is always more difficult because the higher-value assets require more consideration than simply whether a patch is available. "As more functions rely on servers than on clients," he explains, "organizations need to have the means to understand these server-side vulnerabilities in context - of the asset criticality, the surrounding topology and security controls, and the exploit activity in the wild. Only then can they accurately decide the optimal patching priority and schedule."
The increase in server-side exploits corresponds with the continued decline in the use of exploit kits relying on client-side vulnerabilities, which accounted for only a quarter of exploits in the wild that year. This is due in part to the demise of major exploit kit players like Angler, Neutrino and Nuclear, with no comparable frontrunner rising to replace them.
"This does not mean, however, exploit kits are gone," said Marina Kidron, senior security analyst and group leader of the Skybox Research Lab. "If there's one thing we know about cybercriminals, it's that they're constantly changing tactics, and so the next 'exploit kit giant' is very likely in development as we speak. We also suspect that some kits have 'gone private,' and are used exclusively by their developers in hopes of prolonging their viability."
Instances of newly-published sample exploit code have also increased, with the monthly average jumping 60 percent in 2017. With minimal adjustments - or none at all - attackers can turn these samples into fully functioning exploits for their own use. This scenario was the case with the NSA EternalBlue exploit leaked by The Shadow Brokers and used in the WannaCry and NotPetya attacks, among others. Such leaks are putting advanced attack tools in the hands of lower-skilled cyberattackers, enhancing the capabilities of an already well-outfitted threat landscape.
"Organizations need to stay up to speed with not only active exploits in the wild," said Kidron, "but also factor in vulnerabilities with available exploit code to their prioritization processes. While the latter set doesn't represent an imminent threat, they can make the jump to active exploitation very quickly - security teams need actionable intelligence at-the-ready when they do."
The report also shows that in 2017 there was a 120-percent increase in new vulnerabilities specific to operational technology (OT) compared to the previous year (OT includes monitoring and control devices common in critical infrastructure organizations such as energy producers, utilities and manufacturers, among others). This spike is particularly concerning as many organizations have poor or non-existent visibility of the OT network, especially when it comes to vulnerabilities as active scanning is generally prohibited.
"OT is too often in the dark, and that means security management isn't getting the full picture of cyber risk in their organization," said Kidron. "Even when patchable vulnerabilities are identified, OT engineers are understandably hesitant to install the update, as it could disrupt services, cause equipment damage or even risk life and limb. Organizations with OT networks need to have strategies in place not just for OT vulnerability assessment and patching prioritization, but also to unify such processes with those in the IT network to truly understand and manage risk."
Overall, new vulnerabilities catalogued by MITRE's National Vulnerability Database doubled in 2017. The jump was largely due to organizational improvements at MITRE and increased security research by vendors and third-parties, including vendor-sponsored bug bounty programs. The result is more than 14,000 newly assigned CVEs. Whatever the reason, it introduced yet more challenges to the teams responsible for managing vulnerabilities. "In 2017, if you were still relying on traditional prioritization methods like CVSS scores only, your laundry list just got longer," said Davidson. "In the year ahead, we may well see an even higher figure. Organizations have got to take a drastically different approach to vulnerability management."
Skybox recommends establishing a threat-centric vulnerability management (TCVM) program to adapt to these changes in the threat landscape and those yet to come. The TCVM approach helps security practitioners focus on the small subset of vulnerabilities most likely to be used in an attack by analyzing them from the interconnected perspectives of the business, network and threats in play.
About Skybox Research Lab
The Skybox(TM) Research Lab is a team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. The Research Lab validates and enhances data through automated as well as manual analysis, with analysts adding their knowledge of attack trends, cyber events and TTPs of today's attackers. Their ongoing investigations determine which vulnerabilities are being exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and other attacks exploiting client- and server-side vulnerabilities.
For more information on the methodology behind the Skybox Research Lab and to keep up with the latest vulnerability and threat intelligence, visit www.vulnerabilitycenter.com.
About Skybox Security
Skybox provides the industry's broadest cybersecurity management platform, delivering comprehensive attack surface visibility. Skybox delivers the context needed to quickly identify and fix vulnerabilities and security weaknesses within large, complex networks - including physical, virtual, multi-cloud and OT environments. The Skybox(TM) Security Suite integrates with more than 120 networking and security technologies to give insight on how to improve efficiency and effectiveness of vulnerability and threat management and firewall and security policy management.
Source: Skybox Security via Globenewswire