Server-side exploits dominated cyber threat landscape in 2017

IANS
Thursday, February 8, 2018

During 2017, 76 per cent of the total exploits affected server-side applications, which is up 17 points when compared to 2016, a report by global cybersecurity firm Skybox Security said on Wednesday.

The "Vulnerability and Threat Trends Report" said that cyber criminals leveraged existing attack tools rather than developing new ones. Using the same attack, the criminals targeted as many victims dubbed as 'low-hanging fruits' as possible.

According to Ron Davidson, Skybox Security Chief Technology Officer, dealing with server-side vulnerabilities is always more difficult because the higher-value assets require more consideration.

"Organisations need to have the means to understand these server-side vulnerabilities in context of the asset criticality, the surrounding topology and security controls, and the exploit activity in the wild. Only then can they accurately decide the optimal patching priority and schedule," he said.

The increase in server-side exploits corresponds with the continued decline in the use of exploits kits relying on client-side vulnerabilities, which accounted for only a quarter of exploits in the wild last year, the report said.

"This does not mean that exploit kits are gone," added Marina Kidron, Senior Security Analyst and Group Leader of the Skybox Research Lab.

"We know that cybercriminals are constantly changing tactics so the next 'exploit kit giant' is very likely in development as we speak. We also suspect that some kits have 'gone private,' and are used exclusively by their developers in hopes of prolonging their viability," Kidron noted.

Instances of newly-published sample exploit code have also increased, with the monthly average jumping 60 per cent in 2017.

With minimal adjustments -- or none at all -- attackers can turn these samples into fully functioning exploits for their own use.

This scenario was the case with the "NSA Eternal Blue" exploit leaked by hacker group "The Shadow Brokers" and was used in the "WannaCrypt" and "Not Petya" cyber attacks, among others.

"Such leaks are putting advanced attack tools in the hands of lower-skilled cyber attackers, enhancing the capabilities of an already well-outfitted threat landscape," the report pointed out.

The report also said that in 2017, there was a 120 per cent increase in new vulnerabilities specific to operational technology (OT) compared to the previous year.

OT includes monitoring and control devices common in critical infrastructure organisations such as energy producers, utilities and manufacturers, among others.

Express your comment on this article

Submit your comments...
     
Disclaimer: The views expressed here are strictly personal and IndiansinKuwait.com does not hold any responsibility on them. We shall endeavour to upload/publish as many of the comments that are submitted as possible within a reasonable span of time, but we do not guarantee that all comments that are submitted will be uploaded/published. Messages that harass, abuse or threaten other members; have obscene, unlawful, defamatory, libellous, hateful, or otherwise objectionable content; or have spam, commercial or advertising content or links are liable to be removed by the editors. We also reserve the right to edit the comments that do get published. Please do not post any private information unless you want it to be available publicly.

Community News
 

Kuwait's popular money exchange company Al Muzaini Exchange supported the Konkani theater lovers in Kuwait by supporting th...

The American Society of Safety Professionals (ASSP), Kuwait Chapter and District 20 team, under the guidance of Division E D...

IDAK conducts Seminar & Camp . The Indian Dentists’ Alliance in Kuwait ( IDAK ) conducted a seminar titled “ Lifestyle and H...

‘Vazhakula Reloaded’ presented by Mareena Moving Arts bagged three awards including the Best Play, Best Director and the Bes...

As a part of Shaastrotsav, American Society of Safety Professionals (ASSP) is conducting Shaastrotsav – ASSP Painting and Co...