This post is also available in: heעברית (Hebrew)

The old boundaries of cybersecurity and cyberattacks are disappearing — from the network perimeter, through distinct types of malware, to nation–state tactics vs. that of the cybercriminal. The attacker’s advantage lies in this fluidity, exploiting endpoint vulnerabilities and inadequate security controls; reshaping attacks to evade detection; and repurposing tactics, techniques and procedures for their own use.

Server-side vulnerabilities have been on the rise in the global cyber threat map, and vulnerabilities that are specific to Operational Technology (OT –  those used in energy production, manufacturing, utilities, etc.) have grown by 120% – these were only some of the findings of the Vulnerability and Threat report published by Skybox Security, which specializes in cybersecurity management. The report which analyzes global vulnerabilities and threats in 2017 was designed to help organizations coordinate their security strategy vis a vis the threats.

During 2017, 76% of all exploits were directed at the server side, a 17% increase since 2016. Coping with server-side vulnerabilities is always more challenging as the most valuable assets require much attention in the management of software updates, as most of them are on the server.

At the same time, there was a decline in the use of exploit kits based on end-user points –  they consisted of only a quarter of the exploits during the last year. This was caused by the disappearance of leading exploit kit vendors such as Nuclear, Angler, Neutrino, with the absence of an equivalent substitute.

During the year in review, there was an increase in the appearance of new exploit code examples published online, with the monthly average growing by 60% with respect to the previous year. Assailants can turn these exploit codes into fully functioning hacking tools with minimal or no adaptations. Even if this trend does not pose a real trend right now, the threat might materialize any moment, and security teams must have the update intelligence status when the time comes.

There was also a 120% increase in new exploits specific to OT compared to the previous year. The report says that this phenomenon is especially worrying as many organizations are characterized by low transparency, if any, into the OT network, and the security managers do not receive the full picture of the threats with this regard.

What can be done? The report recommends to create a program for the management of a threat-centric vulnerability management (TCVM) in order to cope with the changing threats. This approach helps security teams to focus in a specific portion of vulnerabilities with the highest chances to be exploited, by analyzing them from the interdisciplinary point of view of business, network and threats.