California-based SIEM vendor AlienVault records the anonymised security event information from their customers as well as the reports from other vendors in the field through their Open Threat Exchange (OTX) platform. The aim for this collaboration is to generate findings for mutual improvement in efficiency and comprehensiveness in their solutions. To help the layperson, AlienVault also uses these findings to report on the evolution of the digital threat landscape.
Today, AlienVault releases the first part of their 2017 findings, focused on systems exploits. The second part will zero in on malware of concern and trends, and the third will delve into bad third-party actors.
Here are some of the key findings from Part 1:
Exploit Proliferation is Increasing
Hacking is a global threat, and AlienVault’s findings show that global truly means global. The most popular exploit in the world—CVE-2017-0199—has appeared in attacks originating from places as diverse as North Korea, China, Iran, and Russia. Criminal organization from across the world have also participated in exploit abuse.
According to the results, malicious activity from actors in China have decreased whereas hacks from North Korea and Russia have increased.
Exploits Have a Long Shelf Life
Even while detection and response efforts have seen a steady uptick in recent years, hackers can abuse the same exploits for years after their discovery and subsequent “patch.” One of the most popular exploits, cataloged as CVE-2012-0158, has been the means of cyberattack for the past decade. Another has been in use since at least 2010 and had a brief surge in popularity in 2015.
The Most Popular Exploits Utilize Microsoft Programs
This is in part because of Microsoft is omnipresent in the computing world. If an exploit can get past their security processes it can spread like wildfire and threaten servers and programs around the world.
These Findings Only Scratch the Surface
Even though thousands of exploits are cataloged every year, thousands more go unreported or unnoticed. This may be part of the new paradigm of malwareless attacks exploiting natural processes to bypass security detection tools.
You can read more about part 1 of the report here.
Latest posts by Ben Canner (see all)
- A Conversation with Travis Knapp-Prasek of NCC Group on Phishing Attacks - April 2, 2020
- The Marriott 2020 Breach: What You Need to Know - April 1, 2020
- Business SIEM Advice for After the End of Coronavirus - March 31, 2020