Server-side exploits dominated cyber threat landscape in 2017

During 2017, 76 per cent of the total exploits affected server-side applications, which is up 17 points when compared to 2016, a report by global cybersecurity firm Skybox Security said on Wednesday.

The "Vulnerability and Threat Trends Report" said that cyber criminals leveraged existing attack tools rather than developing new ones. Using the same attack, the criminals targeted as many victims dubbed as 'low-hanging fruits' as possible.

According to Ron Davidson, Skybox Security Chief Technology Officer, dealing with server-side vulnerabilities is always more difficult because the higher-value assets require more consideration.

"Organisations need to have the means to understand these server-side vulnerabilities in context of the asset criticality, the surrounding topology and security controls, and the exploit activity in the wild. Only then can they accurately decide the optimal patching priority and schedule," he said.

The increase in server-side exploits corresponds with the continued decline in the use of exploits kits relying on client-side vulnerabilities, which accounted for only a quarter of exploits in the wild last year, the report said.

"This does not mean that exploit kits are gone," added Marina Kidron, Senior Security Analyst and Group Leader of the Skybox Research Lab.

"We know that cybercriminals are constantly changing tactics so the next 'exploit kit giant' is very likely in development as we speak. We also suspect that some kits have 'gone private,' and are used exclusively by their developers in hopes of prolonging their viability," Kidron noted.

Instances of newly-published sample exploit code have also increased, with the monthly average jumping 60 per cent in 2017.

With minimal adjustments -- or none at all -- attackers can turn these samples into fully functioning exploits for their own use.

This scenario was the case with the "NSA Eternal Blue" exploit leaked by hacker group "The Shadow Brokers" and was used in the "WannaCrypt" and "Not Petya" cyber attacks, among others.

"Such leaks are putting advanced attack tools in the hands of lower-skilled cyber attackers, enhancing the capabilities of an already well-outfitted threat landscape," the report pointed out.

The report also said that in 2017, there was a 120 per cent increase in new vulnerabilities specific to operational technology (OT) compared to the previous year.

OT includes monitoring and control devices common in critical infrastructure organisations such as energy producers, utilities and manufacturers, among others.

--IANS

sku/qd/bg