OT Risk Gets Serious, New Backdoor Samples Soar and Volume of Medium-Severity Vulnerabilities Increases

Skybox® Security, a global leader in cybersecurity management, today announced the release of its latest Vulnerability and Threat Trends Report, which analyses the vulnerabilities, exploits and threats in play over the last year. The report, compiled by the team of security analysts at the Skybox® Research Lab, aims to help organisations align their security strategy with the reality of the current threat landscape.

Key findings from the report include:
• New backdoor samples quadrupled
• OT advisories grew by over 50 percent
• The number of new cryptomining samples halved between 2018 and 2019
• Compared to 2018’s figures, vulnerabilities within Microsoft OSs increased by 66 percent in 2019

Ron Davidson, VP of R&D and CTO for Skybox Security commented on the increase in new OT advisories.

“The need for greater protections within OT networks is clearer than ever: not only has a record number of new OT advisories been disclosed by ICS-CERT, the technology is also increasingly exposed to IT vulnerabilities as it becomes unavoidably linked with more internet-connected devices and applications. In order to combat this increasing threat, security teams need to find ways to passively discover vulnerabilities within OT networks and find alternatives to patching when patching isn’t an option.”

The decline in creation of new cryptomining samples is also notable. Last year, cryptominers became criminals’ malware of choice. This year, owing in large part to a global decline in the value of cryptocurrency, the creation of new miners has declined. More traditional forms of malware fill the gap left by cryptominers, with new backdoor samples becoming 2019’s top malware family, followed by ransomware (with new samples increasing by 116 percent) and botnets (with an increase of 83 percent).

Another takeaway from the report is that the volume of vulnerabilities with medium-severity Common Vulnerability Scoring System (CVSS) scores is increasing: while the total number of new vulnerability reports appears to be stabilising – this year there was a modest rise of 3.8 percent to 17,220 new flaws – the share of medium-severity instances increased from 34 percent in 2018 to 40 percent in 2019. This increase comes at the expense of high-severity vulnerabilities, which declined by around 5 percent.

“Just because a vulnerability is classified as having medium severity, it doesn’t mean that it carries a medium risk,” said Sivan Nir, Threat Intelligence Team Leader at Skybox Security.

“What matters is how each vulnerability relates to the security environment that it sits in. Security teams need to stop being blinded by CVSS scores. While they’re distracted by remediating all of their critical- and high-severity vulnerabilities, they could be ignoring an exposed medium-severity vulnerability. In order to better protect their infrastructure, the CISO needs to find smarter ways of working. This starts with gaining full network visibility and enforcing exposure-based remediation strategies.”

Whether protecting against backdoors and ransomware, threats to the OT network or simply trying to keep up with which vulnerability to fix next, incorporating accurate, up-to-date threat intelligence in vulnerability management programs will give organisations the edge they need to counter a dynamic threat landscape. Skybox’s approach formalises this into a systematic process where vulnerabilities are discovered regularly and on demand; prioritised in the context of the network, assets and threats; and remediated or mitigated in accordance with the risk they pose. Such an approach is vital to being proactive against today’s threats and adaptive to those yet to come.