OT Risk Gets Serious, New Backdoor Samples Soar and Volume of Medium-Severity Vulnerabilities Increases

Skybox Security’s 2020 Vulnerability and Threat Trends Report analyzes what shaped the threat landscape over 2019 and what it means for the year ahead.

SAN JOSE, Calif.
February 12, 2020

Key findings from the report include:

  • New backdoor samples quadrupled
  • OT advisories grew by over 50 percent
  • The number of new cryptomining samples halved between 2018 and 2019
  • Compared to 2018’s figures, vulnerabilities within Microsoft OSs increased by 66 percent in 2019

Skybox® Security, a global leader in cybersecurity management, today announced the release of its latest Vulnerability and Threat Trends Report, which analyzes the vulnerabilities, exploits and threats in play over the last year. The report, compiled by the team of security analysts at the Skybox® Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.

Ron Davidson, VP of R&D and CTO for Skybox Security, commented on the increase in new OT advisories. “The need for greater protections within OT networks is clearer than ever: not only has a record number of new OT advisories been disclosed by ICS-CERT, the technology is also increasingly exposed to IT vulnerabilities as it becomes unavoidably linked with more internet-connected devices and applications. In order to combat this increasing threat, security teams need to find ways to passively discover vulnerabilities within OT networks and find alternatives to patching when patching isn’t an option.”

The decline in creation of new cryptomining samples is also notable. Last year, cryptominers became criminals’ malware of choice. This year, owing in large part to a global decline in the value of cryptocurrency, the creation of new miners has declined. More traditional forms of malware fill the gap left by cryptominers, with new backdoor samples becoming 2019’s top malware family, followed by ransomware (with new samples increasing by 116 percent) and botnets (with an increase of 83 percent).

Another takeaway from the report is that the volume of vulnerabilities with medium-severity Common Vulnerability Scoring System (CVSS) scores is increasing: while the total number of new vulnerability reports appears to be stabilizing – this year there was a modest rise of 3.8 percent to 17,220 new flaws – the share of medium-severity instances increased from 34 percent in 2018 to 40 percent in 2019. This increase comes at the expense of high-severity vulnerabilities, which declined by around 5 percent.

“Just because a vulnerability is classified as having medium severity, it doesn’t mean that it carries a medium risk,” said Sivan Nir, Threat Intelligence Team Leader at Skybox Security. “What matters is how each vulnerability relates to the security environment that it sits in. Security teams need to stop being blinded by CVSS scores. While they’re distracted by remediating all of their critical- and high-severity vulnerabilities, they could be ignoring an exposed medium-severity vulnerability. In order to better protect their infrastructure, the CISO needs to find smarter ways of working. This starts with gaining full network visibility and enforcing exposure-based remediation strategies.”

Whether protecting against backdoors and ransomware, threats to the OT network or simply trying to keep up with what vulnerability to fix next, incorporating accurate, up-to-date threat intelligence in vulnerability management programs will give organizations the edge they need to counter a dynamic threat landscape. Skybox’s approach formalizes this into a systematic process where vulnerabilities are discovered regularly and on demand; prioritized in the context of the network, assets and threats; and remediated or mitigated in accordance with the risk they pose. Such an approach is vital to being proactive against today’s threats and adaptive to those yet to come.

To read the full 2019 Vulnerability and Threat Trends Report, click here.

About Skybox Security

Over 500 of the largest and most security-conscious enterprises in the world rely on Skybox for the insights and assurance required to stay ahead of dynamically changing attack surfaces. Our Security Posture Management Platform delivers complete visibility, analytics and automation to quickly map, prioritize and remediate vulnerabilities across your organization. The vendor-agnostic solution intelligently optimizes security policies, actions and change processes across all corporate networks and cloud environments. With Skybox, security teams can now focus on the most strategic business initiatives while ensuring enterprises remain protected.

Media Contact

Ashley Nakano | Corporate Communications

About Skybox Research Lab

The Skybox Research Lab is a team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. The Research Lab validates and enhances data through automated as well as manual analysis, with analysts adding their knowledge of attack trends, cyber events and the tactics, techniques and procedures (TTPs) of today’s attackers. Their ongoing investigations determine which vulnerabilities are being exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and other attacks exploiting client- and server-side vulnerabilities.

We are Skybox. Secure more, limit less.

© 2021 SC Media. CyberRisk Alliance, LLC. All rights reserved. Used under license.

© 2021 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.
