New Vulnerabilities Soar, OT Attacks on the Rise and Cryptominers Reign Supreme, According to Report

Skybox Security’s 2019 Vulnerability and Threat Trends Report analyzes what shaped the threat landscape over 2018 and what it means for the year ahead


SAN JOSE, Calif., Jan. 29, 2019 (GLOBE NEWSWIRE) --  Skybox® Security, a global leader in cybersecurity management, today announced the release of its latest Vulnerability and Threat Trends Report which analyzes the vulnerabilities, exploits and threats in play over the previous year. The report, compiled by the team of security analysts at the Skybox® Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.

What stands out first from the data is the sheer volume of new vulnerabilities published in 2018. The National Vulnerability Database (NVD) assigned 16,412 new CVEs, a 12-percent increase over the previous year. That may seem like a small climb, but the 2017 figure was already an all-time high, and Skybox Director of Threat Intelligence Marina Kidron believes these record-breaking figures are the new normal.

“It would come as no surprise if 2019 breaks the CVE record again,” said Kidron. “While more resources in vulnerability research is what’s driving these high numbers, that’s cold comfort to CISOs trying to keep their organization safe. The challenge of answering, ‘What do I fix today?’ is only getting harder — unless you have the right information to contextualize this mountain of data. That’s what drives the work we’re doing and why we publish the report.”

Ron Davidson, Skybox CTO and vice president of R&D, echoed a similar sentiment: “If you’re hanging your vulnerability management strategy on fixing CVSS critical- or high-severity vulnerabilities, 2018 added about 9,000 vulnerabilities to that list; it’s simply no longer practical to ‘focus’ attention on this large group. Exploitability — what’s being used in the wild, what sample code is available — is a more important indicator of what should get attention first. It’s something many vulnerability management programs lack, so their resources are going in the wrong place and they’re not moving the needle on risk.”

Other findings of the report include risks to the growing attack surface, including operational technology (OT) networks. Attacks on OT continue to climb with a 10-percent increase between 2017 and 2018. While these attacks range in motive and impact, the WannaCry outbreak in Taiwan Semiconductor Manufacturing Company was a prime example of how a cybercriminal tool like ransomware, nation-state threats and internal exposure can create the perfect storm to wreak havoc on a network, as well as a company’s bottom line.

The report also warns of a false sense of security in cloud networks. While security of clouds is relatively strong, misconfiguration issues within them can still abound and security issues can arise within the applications used to manage such networks.

A number of examples can be given of attacks on cloud networks, but a notable one from 2018 targeted Tesla’s Amazon Web Services network. While attackers could have accessed a variety of information, they instead used the opportunity to launch a malicious cryptominer, pointing to a larger trend in the threat landscape of stealing computational power rather than data. In 2017, ransomware reigned supreme accounting for 28 percent of malware attacks, while cryptominers only made up 9 percent. Those figures essentially flipped in 2018, with ransomware dropping to 13 percent of malware attacks and cryptominers soaring to 27 percent.

“While cryptomining may seem like a relatively innocuous, low-priority threat, it’s important to remember that these attacks slow down system processes and may overwhelm system capacity,” said Skybox Senior Security Analyst Sivan Nir. “More than that, it’s impossible to predict what the attacker’s end goal may be. The cryptominer may be only part of a larger attack structure. By letting them set up home in your network, you’re inviting them to try to gain access to other parts of your environment.”

Whether protecting against cryptominers, threats to the OT network or simply trying to keep up with what vulnerability to fix next, incorporating threat intelligence in vulnerability management programs will give organizations the edge they need to counter a dynamic threat landscape.

To read the full 2019 Vulnerability and Threat Trends Report, click here.

Tweet This: A record number of vulnerabilities were published in 2018, with #cryptominers leading the pack of malware attacks. Just a few takeaways from the @SkyboxSecurity Vulnerability & Threat Trends Report 2019: http://ow.ly/i72D30nuhGe      

About Skybox Research Lab  
The Skybox Research Lab is a team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. The Research Lab validates and enhances data through automated as well as manual analysis, with analysts adding their knowledge of attack trends, cyber events and TTPs of today’s attackers. Their ongoing investigations determine which vulnerabilities are being exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and other attacks exploiting client– and server–side vulnerabilities. 

For more information on the methodology behind the Skybox Research Lab and to keep up with the latest vulnerability and threat intelligence, visit www.vulnerabilitycenter.com

About Skybox Security

www.skyboxsecurity.com

Skybox provides the industry’s broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with 120 networking and security technologies, the Skybox® Security Suite gives comprehensive attack surface visibility and the context needed for informed action. Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world’s largest organizations.

© 2019 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.

CONTACT INFORMATION

Victoria Davis Schmidt
Corporate Communications for Skybox Security
571.340.0181 | Victoria.Schmidt@skyboxsecurity.com

OneChocolate for Skybox Security
United Kingdom: Daniel Couzens
+44 (0)20 7437 0227 | DanielC@onechocolatecomms.co.uk

Germany: Stephanie Thoma
+49 (0)89 388 892 012| Stephaniet@onechocolatecomms.de

France: Xavier Delhôme
+33 1 41 31 75 09 | xavier@onechocolate.fr

Alliance Public Relations Pvt. Ltd.
India: Meenakshi Lenka
+91-9810577773 | meenakshi@proalliancepr.co