Half a year is a long time in the world of cybersecurity. The first half of 2019 saw Apple’s FaceTime bug stealing headlines, Microsoft pile up a number of zero-day vulnerabilities, the French government wishing they’d taken the security of their ‘secure’ chat app more seriously and left us with the specter of BlueKeep breathing eerily down every Windows-enabled organization’s neck.
A lot changes in six months. That’s why we recently released the mid-year update to our Vulnerability and Threat Trends Report. The picture that it paints is of a landscape that’s increasing in complexity. While there was a decrease in reported vulnerabilities over the first six months of the year, the 7,318 new vulnerabilities published between January and the end of June present a significant challenge to security teams across the globe.
The report brings much-needed context to these new vulnerabilities. It also provides concise and comprehensive information about newly developed exploits, new exploit–based malware and attacks, current threat tactics and more. This information, alongside insight and recommendations from the Skybox Research Lab, aim to help you to align security strategies which can effectively manage the complex challenges of the current threat landscape.
Key Findings of the Vulnerability and Threat Trends Report 2019
Only a tenth of vulnerabilities have a developed exploit.
The good news is that of the more than 7000 vulnerabilities published in the first half of 2019, a small fraction will ever have an exploit, with less than one percent exploited in the wild. The bad news: increasing network complexity makes it difficult to understand which of those vulnerabilities are exposed to potential attacks or exist on important assets, representing a critical risk.
Trend of broad–reaching vulnerabilities continues, with heavy concentration in CPU side-channel info leaks.
Vulnerabilities often exist across programs or software modules which share code. In the first half of 2019, chip-level vulnerabilities like Spectre/ Meltdown were particularly numerous, making collateral damage of “downstream technology” such as operating systems or browsers running on affected architecture. In the first half of 2019, 40 vulnerabilities had the capability to impact three or more vendors.
Tide turns away from cryptomining – ransomware, botnets and backdoors fill the vacuum.
In 2018, malicious cryptomining reigned supreme as the cybercriminal tool of choice. But with the decline in cryptocurrency value, and with Coinhive shutting down, attackers have turned back to their old reliables. Usage of ransomware, botnets and backdoors jumped 10, eight and 18 percentage points, respectively, between the first half of 2018 and the same period this year.
Cloud container vulnerabilities in steady climb.
As use of various cloud services has grown, so too have their vulnerabilities. Vulnerabilities in container software have increased by 46 percent in the first half of 2019 compared to the same period in 2018. Looking at the two year trend of container vulnerabilities published in first halves, container vulnerabilities have increased by 240 percent.