The report looks at the vulnerabilities, exploits and threats that were in play over the last twelve months and is intended to help guide organisations as they look to align their security strategy with the reality of the current threat landscape.
What immediately strikes you when reading the report is the number of new vulnerabilities published in 2018. The National Vulnerability Database (NVD) assigned 16,412 new CVEs, a 12-percent increase over the previous year, which itself was already at an all-time high.
However, Skybox Director of Threat Intelligence Marina Kidron said that these record-breaking figures should now be seen as the new normal.
“It would come as no surprise if 2019 breaks the CVE record again,” said Kidron. “The challenge of answering, ‘What do I fix today?’ is only getting harder — unless you have the right information to contextualize this mountain of data.”
The report suggests that it is no longer practical to ‘focus’ attention on all the likely threats that a business will face, rather companies should be identifying risks that could be exploited – otherwise resources will end up going to the wrong place.
Other findings of the report include risks to the growing attack surface, including operational technology (OT) networks. Attacks on OT were up 10-percent between 2017 and 2018 and while these attacks range in motive and their impact, the WannaCry outbreak in Taiwan Semiconductor Manufacturing Company showed how a cybercriminal tool like ransomware, nation-state threats and internal exposure can create the perfect storm to wreak havoc on a network, as well as its bottom line.
The report also warned of a false sense of security in cloud networks. While security of clouds is relatively strong, misconfiguration issues within them can still abound and security issues can arise within the applications used to manage such networks.
A number of examples can be given of attacks on cloud networks, but a notable one from 2018 targeted Tesla’s Amazon Web Services network. While attackers could have accessed a variety of information, they instead used the opportunity to launch a malicious cryptominer, pointing to a larger trend in the threat landscape of stealing computational power rather than data - cryptomining now account for 27 percent of all attacks.
The report concludes that incorporating threat intelligence in vulnerability management programmes will give organisations the edge they need if they are to have any chance of countering what is a fast moving, dynamic threat landscape.