
Vulnerabilities / Threats

4/12/2016
09:45 PM

Zero-Day Discoveries A Once-A-Week Habit

Symantec threat report shows growth in zero-day vulns to enable more targeted attacks.

A new zero-day vulnerability was discovered every week in 2015, with attackers increasingly homing their crosshairs on Adobe Flash, according to the latest Internet Security Threat Report (ISTR) released today by security researchers at Symantec.

The report took a broad look at the biggest trends in cyberattack techniques and breaches over the past year, and some startling vulnerability statistics surfaced in the findings. Chief among them: new zero-day vulnerability discoveries jumped by 125% in 2015, even as the total number of new vulnerabilities reported and patched decreased by 15% compared to 2014.

The sharp rise in zero days showed how economic incentives are shaping vulnerability hunting and exploit development for the bad guys.

"Given the value of these vulnerabilities, it’s not surprising that a market has evolved to meet demand," the ISTR said. "Targeted attack groups exploit the vulnerabilities until they are publicly exposed, then toss them aside for newly discovered vulnerabilities."

The report found that four of the top five most exploited zero-day vulnerabilities were those found in Adobe Flash, which Symantec researchers pegged as being software whose days are numbered due to security woes.

"From a security perspective, we expect Adobe Flash will gradually fall out of common usage over the next year," the report said.


Many of these targeted zero-day attacks are delivered by way of spear-phishing campaigns, which Symantec reports increased by 55% last year. According to the firm, large companies subjected to targeted spear-phishing campaigns see an average of 3.6 successful attacks per campaign. Though targeted spear-phishing attacks are distributed across all sectors and business sizes, the largest share appears to fall on finance, insurance, and real estate firms. Meanwhile, firms with over 2,500 employees were at higher risk of being targeted.

In addition to spearphishing, targeted attackers also continue to lean heavily on watering-hole attacks that exploit compromised websites to deliver malware to unsuspecting visitors.

"Sophisticated watering-hole attacks, using compromised websites, activate only when a visitor to that website originates from a particular IP address," the report explained. "Reducing collateral damage in this way makes it less likely that the covert attack is discovered. Moreover, this approach also makes it more difficult for security researchers who may visit the website from a different location."

Watering-hole attacks are made easy to execute given the number of holes found within the average web property today. According to Symantec, 78% of websites today suffer from vulnerabilities, with one in seven of those being critical vulnerabilities that allow malicious code to be run without any user interaction. These are numbers that Symantec has said have held pretty steady over the last few years, suggesting that website owners are not making progress on the problem.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.
