Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/12/2016
09:45 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Zero-Day Discoveries A Once-A-Week Habit

Symantec threat report shows growth in zero-day vulns to enable more targeted attacks.

A new zero-day vulnerability was discovered every week in 2015, with attackers increasingly homing their crosshairs on Adobe Flash, according to the latest Internet Security Threat Report (ISTR) released today by security researchers at Symantec.

The report took a broad-based look at the biggest trends in cyberattack techniques and breach trends in the last year, with some startling vulnerability statistics bubbling up in the findings. Chief among them that new zero-day vulnerability discoveries jumped by 125% in 2015, even as the total number of new vulnerabilities reported and patched actually decreased by 15% compared to 2014.  

The sharp rise in zero days showed how economic incentives are shaping vulnerability-hunting and exploit for the bad guys.

"Given the value of these vulnerabilities, it’s not surprising that a market has evolved to meet demand," the ISTR said. "Targeted attack groups exploit the vulnerabilities until they are publicly exposed, then toss them aside for newly discovered vulnerabilities."

The report found that four of the top five most exploited zero-day vulnerabilities were those found in Adobe Flash, which Symantec researchers pegged as being software whose days are numbered due to security woes.

"From a security perspective, we expect Adobe Flash will gradually fall out of common usage over the next year," the report said.

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

Many of these targeted zero-day attacks are delivered by way of spearphishing campaigns, which Symantec reports increased by 55% last year. According to the firm, large companies subjected to targeted spear-phishing campaigns see an average of 3.6 successful attacks per campaign. Though targeted spearphishing attacks are distributed across all sectors and business sizes, the largest distribution appears to be among finance, insurance, and real estate firm. Meanwhile, those firms with over 2,500 employees were at higher risk of being targeted.

In addition to spearphishing, targeted attackers also continue to lean heavily on watering-hole attacks that exploit compromised websites to deliver malware to unsuspecting visitors.

"Sophisticated watering-hole attacks, using compromised websites, activate only when a visitor to that website originates from a particular IP address," the report explained. "Reducing collateral damage in this way makes it less likely that the covert attack is discovered. Moreover, this approach also makes it more difficult for security researchers who may visit the website from a different location."

Watering-hole attacks are made easy to execute given the number of holes found within the average web property today. According to Symantec, 78% of websites today suffer from vulnerabilities, with one in seven of those being critical vulnerabilities that allow malicious code to be run without any user interaction. These are numbers that Symantec has said have held pretty steady over the last few years, suggesting that website owners are not making progress on the problem.

Related Content:

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22677
PUBLISHED: 2021-05-07
An integer overflow exists in the APIs of the host MCU while trying to connect to a WIFI network may lead to issues such as a denial-of-service condition or code execution on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4....
CVE-2021-29495
PUBLISHED: 2021-05-07
Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documente...
CVE-2020-4901
PUBLISHED: 2021-05-07
IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992.
CVE-2021-21419
PUBLISHED: 2021-05-07
Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reas...
CVE-2021-27437
PUBLISHED: 2021-05-07
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0...