2020 Vulnerability and Threat Trends Report Mid-Year Update: Key Findings
William Grove July 22, 2020
Skybox Security released the mid-year update to its 2020 Vulnerability and Threat Trends Report. The report reveals COVID-19’s impact on the threat landscape, while also looking at the vulnerabilities, exploits and malware that are currently in play. The picture painted is one of great complexity – security leaders are having to contend with a record number of new vulnerabilities while staving off threats from an increasingly organized, emboldened and blood-thirsty base of threat actors.
The pandemic has heightened the sector’s existing challenges – including the cybersecurity skills shortage, under-resourced security programs and increasingly fragmented estates – as organizations have scrambled to enable their remote workforce and secure expanded network perimeters. With the world in flux, the need for security leaders to understand both external and internal threat context has never been greater.
The report tells the story of external threat context as it currently stands - if organizations are going to be able to emerge unscathed into a post-pandemic world, they need to correlate vast and varied intelligence sources from within their infrastructure to understand their internal threat context and be fully prepared to respond to increasingly pernicious and focused threat actors.
The report can be downloaded in full here, with its key findings listed below.
20,000+ New Vulnerability Reports Likely in 2020
Over 9,000 new vulnerabilities have been reported in the first six months of 2020 (a 22 percent increase on reports published over the same period in 2019), and we are on track to see more than 20,000 new vulnerabilities this year — a new record. This will be a figure that defines the complex landscape within which security professionals operate.
50% Increase in Mobile Vulnerabilities Highlights Dangers of Blurring Line Between Corporate and Personal Networks
Vulnerabilities on mobile OSs increased by 50 percent, driven solely by Android deficiencies. This rise has come at the same time as home networks and personal devices increasingly intersect with corporate assets as a result of the move towards a mass, remote workforce. These trends should focus the need for organizations to improve access controls and gain visibility of all ingress and egress points to their network infrastructure.
Ransomware and Trojans Thrive During COVID-19 Crisis
The creation of new ransomware and malware samples has soared during the COVID-19 crisis, a time that has also seen a significant increase in exploits taking advantage of Remote Desktop Protocol (RDP). These tools are enabling cyberattackers to capitalize on individual concerns and take advantage of overwhelmed security teams.
Attacks on Critical Infrastructure Adding to the Chaos
Attacks on national infrastructures, pharmaceutical firms and healthcare companies have increased as criminals become emboldened by chaos spurred by the pandemic. These attacks have added to the turbulence and could hamper countries’ abilities to respond to the health crisis.