Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
30% of Q4 Malware was New or Zero-Day
Newest First  |  Oldest First  |  Threaded View
HardenStance
HardenStance,
User Rank: Strategist
3/31/2017 | 4:31:33 PM
New ?
I'm not about to dispute that traditional AV misses a good amount of malware.

The proposition that a "30%" failure rate is a realiable benchmark for a universal catch-all benchmark for "traditional AV" - whatever that is nowadays - sounds pretty high to me.

And that "30%" is "new"? "Zero-day" ?

Presumably that 30% includes stuff with the tiniest of code deviations from a long established malware family? Is that really 'new' ?

There's certainly the core of a decent case here. I'm good with that.

Seems to me there's a bit of 'amplification' going on as well, though.

 

 

 
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
3/31/2017 | 3:15:42 PM
Level 3's Chris Richter's take.
I recently chitchatted with Level 3's SVP of Global Security Services, Chris Richter, about this very issue in the enterprise cloud context.

He very readily noted that "From a cloud service provider perspective, the one thing they really need to be wary of, and very cognizant of, is that most of the breaches that occurred last year -- the big, big breaches -- did not involve malware at all. They didn't involve any fancy cutting-edge brilliantly written malicious code. It was all mostly zero-day vulnerabilities that the perpetrators were able to take advantage of. In these virtualized cloud environments, that still remains a huge risk, and the cloud operators need to stay ahead. They need to stay ahead of vulnerabilities and they need to have a Plan B should a zero-day attack happen."

He went on to point out the brisk business that zero-day vulnerabilities have on the black market and gray market -- and that many of the WikiLeaks vulnerabilties had already been long-known to the hacker community.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-4278
PUBLISHED: 2022-12-03
A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit h...
CVE-2022-4279
PUBLISHED: 2022-12-03
A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2022-4280
PUBLISHED: 2022-12-03
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been ...
CVE-2022-4277
PUBLISHED: 2022-12-03
A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...
CVE-2022-4275
PUBLISHED: 2022-12-03
A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can ...