The new Vulnerability and Threat Trends Report released today by the Skybox Research Lab includes security analyst research of the vulnerabilities, exploits and threats that are shaping the threat landscape. The report outlines the top six vulnerabilities to follow in 2018 amid the 14,000 new vulnerabilities catalogued by MITRE’s National Vulnerability Database the previous year.
New CVEs Double in 2017
In 2017, the number of new vulnerabilities assigned a CVE by MITRE was more than double that of 2016. The jump was largely due to organizational improvements at MITRE and increased security research by vendors and third parties, including vendor-sponsored bug bounty programs. The result was more than 14,000 newly assigned CVEs. Whatever the reason, it introduced yet more challenges for the teams responsible for managing vulnerabilities and prioritizing which to fix first.
To help you sort through the clutter, Skybox has put together a short list of top vulnerabilities to follow in 2018:
Oracle WebLogic Server
- Easily exploitable vulnerability via HTTP capable of compromising Oracle WebLogic, a Java EE application server
- Has been documented as downloading and executing cryptocurrency miners
Apache Struts 2 Vulnerability
- RCE vulnerability
- Easy attack vector, similar to the vulnerability used in the Equifax data breach
Microsoft Windows Vulnerability in Windows Search Service
- RCE vulnerability that does not require user interaction
Microsoft XML Services Vulnerability
- Added to the Astrum exploit kit (aka Stegano)
- Recently used in a malvertising campaign delivering the Mole ransomware
Microsoft Office Vulnerability
- RCE vulnerability which could allow for memory corruption
- Delivered by a phishing email with an RTF attachment
- A zero-day: the vulnerability was in use in actual attacks months before Microsoft’s patch in October 2017
- Allows root access with no authentication
- Not exploited in the wild (as of the publishing of this report), but attack vector is trivial
Of course, the particular threat any of these vulnerabilities poses will depend on the network in which it exists and on its use by threat actors. That’s why Skybox recommends establishing a threat-centric vulnerability management (TCVM) program to adapt to changes in the threat landscape and in your organization. The TCVM approach helps security practitioners establish their own list of vulnerabilities to follow, focusing on those most likely to be used in an attack. Identifying these vulnerabilities requires analyzing them in relation to the business, the network and the threats in play, and prioritizing those that are exposed or actively exploited in the wild for immediate remediation.
To learn more about Skybox TCVM, visit skyboxsecurity.com/tcvm.
About the Vulnerability and Threat Trends Report
The inaugural report aims to help organizations align their security strategy with the reality of the current threat landscape. The force behind the report is the Skybox™ Research Lab, a team of security analysts who scour data daily from dozens of security feeds and sources and investigate sites on the dark web. They validate and enhance that data through both automated and manual analysis, adding their knowledge of attack trends, cyber events and the TTPs of today’s attackers.