Vulnerability and Threat Trends Report 2020: Key Findings

The latest edition of Skybox’s Vulnerability and Threat Trends report was released today. The report examines the new vulnerabilities published in 2019, newly developed exploits, new exploit-based malware and attacks, current threat tactics and more.

Vulnerabilities do not exist in a vacuum and they cannot be managed in isolation. In order to know what to do with them, you first need to understand their context. That’s why we create this annual report, alongside a mid-year update in the summer. It provides much-needed context to the more than 17,000 new vulnerabilities which were reported in 2019. Here are some of the paper’s main takeaways.

The volume of medium-severity vulnerabilities is increasing

The main takeaway from the report is that the volume of vulnerabilities with medium-severity Common Vulnerability Scoring System (CVSS) scores has increased. While the total number of new vulnerability reports appears to be stabilizing – this year there was a modest rise of 3.8 percent to 17,220 new flaws – the share of medium-severity instances has increased from 34 percent in 2018 to 40 percent in 2019. This increase comes at the expense of high-severity vulnerabilities, which declined by around 5 percent.

On the surface, this may not appear to be such a big deal. But just because a vulnerability is classified as having medium severity, it doesn’t mean that it carries a medium risk. Attackers know that organizations are likely to remediate high- or critical-severity vulnerabilities more quickly than medium-severity ones, which makes medium-severity vulnerabilities an attractive target.

What matters is how each vulnerability relates to the security environment that it exists within – this simply cannot be communicated through flat CVSS scores. The need for vulnerability management which facilitates remediation based on exposure levels is clearer than ever.

Microsoft vulnerabilities increased over 2019

The number of new vulnerabilities within Windows OSs increased by 66 percent between 2018 and 2019, making Microsoft the owner of the industry’s most vulnerable operating systems. The number of vulnerabilities within Windows products, as opposed to OSs, also increased by 75 percent, presenting a stark contrast to Android’s 73 percent drop.

This rise should be seen as a positive and a sign that Microsoft is improving its flaw reporting capabilities. Such a high degree of transparency is helping organizations to know where vulnerabilities exist within their environments and enabling them to enforce better protections.

Multi-vendor vulnerabilities are becoming an increasing concern

A number of vulnerabilities among the more than 17,000 new reports this year have a greater reach and impact a greater number of vendors than those seen in previous years. For that reason, they can be considered influential, and security professionals need to be aware of that influence in order to best protect their organizations. These include flaws found in Intel processors, PDFs, the IPnet network stack and Netflix, which affect tens of vendors.

This trend underlines how important it is for organizations to have a complete and comprehensive understanding of all assets and technology within their security environment. When a new vulnerability is identified, security teams need to know if they need to apply patches to multiple products.

OT (operational technology) advisories increased by 53 percent

The number of new ICS-CERT advisories published by vendors has remained relatively stable, with one notable exception: the team published 53 percent more Siemens advisories in 2019 than it did in 2018. The reason behind this rise could be attributed to both ICS-CERT and Siemens’ improved reporting capabilities. Even though these improvements should be celebrated, there is still cause for concern for organizations with OT and hybrid IT-OT infrastructure.

Securing OT has always been problematic; this is technology that runs on outdated systems, has unsecured connections and is often impossible to patch. These problems are now being exacerbated as legacy OT devices become unavoidably linked with more internet-connected technology and applications. The need to improve the surrounding OT network

This is just a taste of the report. Read the full paper now to gain a full view of the evolution of vulnerability reports, learn about new exploit kits, understand how and why criminals’ malware focus is shifting and more.