Top Cybersecurity Risks: Information on recent significant attacks
A new bi-annual report highlights the most significant security attacks over the last six months, as well as the vulnerabilities these attacks exploit and how they can harm business. The report shows that many businesses are still extremely vulnerable to security attacks that can damage brand reputations and business operations. These attacks are growing in quantity and frequency, as well as becoming more impactful to business operations. With many different types of attacks targeting the enterprise, it is becoming difficult for organizations to see which threats pose the greatest risk.
Presented by security experts TippingPoint, SANS Institute and Qualys, the report uses current data from appliances and software in thousands of targeted organizations to provide a view of the attacks and the vulnerabilities they exploit.
“By combining information on attacks with data on specific vulnerabilities, we can provide organizations with real, actionable information for protecting their systems,” said Alan Paller, director of research for the SANS Institute. “Our goal in releasing this is to give overwhelmed security professionals the tools they need to prioritize their resources and security practices to achieve the best protection for their network.”
Key findings include:
• Unpatched popular client-side applications put businesses at risk for data theft: PC applications often remain unpatched, allowing these machines to be compromised and then used to propagate attacks and compromise internal computers. This leaves a window open for hackers to steal critical data, impact network performance and affect business continuity. Examples of these applications include Adobe Acrobat Reader, Microsoft Office and Apple QuickTime.
• The number of Web application attacks is increasing, elevating the threat posed by previously trusted Web sites: Web applications comprise more than 60 percent of the total attack attempts occurring on the Internet. These vulnerabilities are being exploited widely to convert trusted Web sites into malicious servers serving client-side exploits.
• Operating system vulnerabilities are decreasing, but still pose a significant threat to an organization’s security resources: Operating systems (OS) have a lower number of vulnerabilities that can be remotely exploited to become massive Internet worms. The Conficker/Downadup worm is the exception and represents a major hole in many organizations’ security strategy. Attacks on Microsoft OS were dominated by Conficker/Downadup worm variants. For the past six months, over 90 percent of the attacks recorded for Microsoft targeted the buffer overflow vulnerability described in the Microsoft Security Bulletin MS08-067.
• A growing number of vulnerability researchers is causing a backlog of unpatched software and a greater risk that these will be exploited: The number of people discovering zero day vulnerabilities is growing fast, yielding a growing number of vulnerabilities that remain unpatched — some for as long as two years. This lag time in patching increases the chance of hackers creating exploits targeting those vulnerabilities.
“The security attacks we describe in this report pose the highest risk for disrupting business operations,” said Rohit Dhamankar, director of TippingPoint’s DVLabs security research team. “For organizations, understanding these attacks and how they exploit the vulnerabilities inherent in the network is a critical first step in building an effective security strategy.”
“Our data, which is derived anonymously from over 100 million scans, is showing a lag in the installation of security patches to productivity applications such as Adobe Reader, Microsoft Office and Apple’s QuickTime,” added Wolfgang Kandek, CTO of Qualys and author of the Laws of Vulnerabilities. “Since these applications are widely installed, we advise organizations to include them in their regular patching process.”
In addition to identifying security risks, this report also provides recommendations for mitigating these threats. One of the report’s most valuable insights discusses “Twenty Critical Controls for Effective Cyber Defense,” which were released a few weeks ago. These controls gather the best practices from renowned security researchers. The report maps these controls to the specific vulnerabilities discussed.
Download the full report at www.tippingpoint.com/toprisks or from the SANS Web site at http://www.sans.org/top-cyber-security-risks/.