The Evolving Cybersecurity Vulnerability Landscape

Uploaded on 2024-04-22 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

In 2023, Microsoft addressed a staggering 911 vulnerabilities, with a peak of 131 in July alone. This raises questions about the urgency and risk associated with these issues. SonicWall's Capture Labs conducted an in-depth analysis of each 'Patch Tuesday' release, examining not just the number of vulnerabilities, but their practical impact. 

The cybersecurity landscape remains complex. While major vendors like Microsoft are patching vulnerabilities at rapid rates, attackers are becoming more sophisticated. 

Overall, attacks climbed 20% globally across 2023. The rise of different attack types, the increase of AI-powered threats and the prevalence of unpatched vulnerabilities highlight the need for a multi-layered approach. 

SonicWall firewalls thwarted over 3.28 million attacks related to Microsoft vulnerabilities in 2023, highlighting the importance of taking 'Patch Tuesday' seriously. The analysis revealed that while July had the highest number of vulnerabilities, December had the lowest. Microsoft also tracked vulnerabilities being actively exploited at the time of discovery, with July and November being key months.

Every year, many organisations' primary focus is on patching vulnerabilities related to Remote Code Execution. However, among the 21 exploited vulnerabilities, over half were attributed to Elevation of Privilege and nearly one-fourth to Security Feature Bypass.

This suggests that while Remote Code Execution vulnerabilities are more newsworthy, in the context of Microsoft vulnerabilities, attackers tend to exploit Elevation of Privilege vulnerabilities more frequently.

Additionally, when considering Microsoft's Exploitability Index, it revealed that while 107 vulnerabilities were more likely to be exploited, only four were added to CISA’s known exploited category post 'Patch Tuesday'. Notably, three of these were Elevation of Privilege vulnerabilities, emphasising the prevalence of attackers targeting this category.

The disparity between the number of vulnerabilities and those actually exploited underscores the need for businesses to prioritise and monitor threats effectively.

Despite often receiving lower CVSS and exploitability probability scores, Elevation of Privilege vulnerabilities are frequently the most attractive to threat actors. Therefore, organisations should prioritise these vulnerabilities in their cybersecurity strategies.

Microsoft's operating system, with a 72% market share, remains a prime target for cyber attackers. However, only about 3% of the 911 vulnerabilities addressed in 2023 were exploited. The low exploitation rate serves as a testament to Microsoft's unwavering commitment to bolstering security, illustrating the escalating difficulty for cybercriminals to exploit vulnerabilities within their ecosystem.

It's crucial to understand that cybersecurity is not a one-time task but an ongoing process. As the threat landscape evolves, so too must our strategies to counter potential attacks. This involves not only staying abreast of the latest threats and vulnerabilities but also adapting our security measures accordingly. For instance, the shift towards remote and hybrid work models has introduced new challenges, necessitating the adoption of robust endpoint security solutions. Similarly, our focus should shift from relying only on CVSS criticality score, to using a combination of data driven metrics to understand what attackers are leveraging to attack business.

By continually assessing and updating their security posture, businesses can ensure they are well-equipped to handle the dynamic nature of cyber threats, thereby safeguarding their digital assets and maintaining the trust of their customers and stakeholders.

Businesses must adopt a proactive and informed approach to safeguard against vulnerabilities. Proactive measures such as focusing on building teams to perform product security testing in addition to regular patching, prioritising critical updates, and implementing a comprehensive vulnerability management program are essential.

Regular technical audits can identify potential weaknesses, provide an understanding of important supply chain components, and partnering with a Managed Service Provider (MSP) can offer continuous monitoring and proactive defence strategies.

Above all, staying informed about the latest cybersecurity threats and trends can help businesses anticipate and prepare for potential risks, significantly reducing their susceptibility to cyberattacks.

Douglas McKee is Executive Director of Threat Research at SonicWall

Image: Allison Saeng

You Migh Also Read: 

Threat Intelligence Exposes The Extent of Cyber Attacks:

DIRECTORY OF SUPPLIERS - Threat Intelligence:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Phishing-as-a-Service Platform LabHost  Is Turned Over
Securing The Paris Olympic Games »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

SmartSearch

SmartSearch

SmartSearch is a leading online provider of Anti-Money Laundering and Fraud Prevention Services.

Blueliv

Blueliv

Blueliv is a leading provider of targeted cyber threat information and intelligence. We deliver automated and actionable threat intelligence to protect the enterprise and manage your digital risk.

Hotlava Systems

Hotlava Systems

HotLava network adapters enable today's powerful servers and workstations to deliver more productivity by reducing congestion at the network interface.

Exida

Exida

Exida is a leading product certification and knowledge company specializing in industrial automation system safety, security, and availability.

Tukan IT

Tukan IT

Tukan IT provides a data classification and protection solution.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

TDRA focuses on regulating the telecommunications sector and enabling government entities in the field of smart transformation. It is responsible for the overall digital infrastructure in the UAE.

THEC-Incubator

THEC-Incubator

THEC-Incubator program is designed for international and ambitious tech startups in the Netherlands. Areas of focus include Blockchain and Cyber Security.

Deepwatch

Deepwatch

deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry.

IPification

IPification

IPification is a highly secure, credential-less, network-based authentication solution for frictionless user experience on mobile and IoT devices.

Australian Cyber Collaboration Centre (A3C)

Australian Cyber Collaboration Centre (A3C)

A3C assists business to understand and navigate the cyber ecosystem to address their specific cyber needs. It is a central connection point for businesses looking to improve their cyber resilience.

Whistic

Whistic

Whistic is a cloud-based platform that uses a unique approach to address the challenges of third-party risk management.

Secmation

Secmation

Secmation are an agile engineering services firm providing advanced DoD level security design and consultation services for both commercial and defense hardware and software applications.

OmniCyber Security

OmniCyber Security

Omni is a cyber security firm specialising in Penetration Testing, Managed Security and Compliance.

Sevco Security

Sevco Security

Sevco Delivers Real-time Asset Intelligence to Identify and Close Unknown Security Gaps.

Atlas Cloud

Atlas Cloud

Atlas Cloud is a UK-wide provider of managed services based in Newcastle. Our ‘research-led’ approach to IT services helps leaders make better decisions about IT for their businesses.