Home / News / About 5.5% of detected vulnerabilities used for implementation real attacks

About 5.5% of detected vulnerabilities used for implementation real attacks

A group of researchers from the Virginia University in cooperation with Cyentia and RAND companies, published the results of risk analysis for application various strategies to fix vulnerabilities.

After examining 476 thousand vulnerabilities found from 2009 to 2018, it was revealed that only 4,183 of them (5.5%) were used to carry out real attacks.

“The ability to effectively assess the risk of a vulnerability, to understand how prevalent it is, and to makeinferences about the risk it poses to either a single firm, or to sectors of critical infrastructure, is anextraordinarily important matter. Indeed, it is one of the foundations of information security riskmanagement, domestic protection of critical infrastructure, and even national security”, — consider researchers.

The resulting figure is five times higher than previously published forecasts, in which the number of exploited problems was estimated at about 1%.

At the same time, no correlation was found between the publication in open access exploits’ prototypes and attempts to exploit vulnerabilities. From all the facts of exploitation of vulnerabilities that are known to researchers, only in half of the cases exploit was published in open sources. Absence of exploit’s prototype does not stop the attackers, who, if necessary, create exploits on their own.

Among other conclusions, one can note the demand for exploitation of mainly vulnerabilities with a high level of danger according to CVSS classification. In almost half of the attacks, were used vulnerabilities with a score of at least 9.

The total number of exploit prototypes published during the period estimated at 9726. The exploit data used in the study was obtained from the collections of Exploit DB, Metasploit, D2 Security’s Elliot Kit, Canvas Exploitation Framework, Contagio, Reversing Labs and Secureworks CTU.

Published exploits vs exploits in the wild
Published exploits vs exploits in the wild
Vulnerability information was obtained from the NIST NVD (National Vulnerability Database). Information about operation was summarized on the basis of information from FortiGuard Labs, SANS Internet Storm Center, Secureworks CTU, Alienvault’s OSSIM and ReversingLabs.

The study was conducted to determine the optimal balance between use of updates in identifying any vulnerabilities and eliminating only the most dangerous problems.

In the first case, the high efficiency of protection is provided, but large resources are required to maintain the infrastructure, which is spent mainly on fixing minor problems.

In the second case, there is a high risk of missing a vulnerability that can be used to attack. The study showed that when deciding to install an update with the elimination of a vulnerability, you should not rely on the lack of a published prototype of the exploit and the chance of exploitation directly depends on the level of danger of the vulnerability.

Source: https://weis2019.econinfosec.org

[Total: 1    Average: 5/5]

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Check Also

Tortoiseshell attacks Saudi IT companies

Tortoiseshell cybercrime attacks Saudi IT companies

Over the past 14 months, the Tortoiseshell cybercriminal group has attacked at least 11 IT …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.