OT Risk Gets Serious, New Backdoor Samples Soar and Volume of Medium-Severity Vulnerabilities Increases

Skybox Security’s 2020 Vulnerability and Threat Trends Report analyzes what shaped the threat landscape over 2019 and what it means for the year ahead.

San Jose, Calif. (February 12, 2020) — Skybox® Security, a global leader in cybersecurity management, today announced the release of its latest Vulnerability and Threat Trends Report which analyzes the vulnerabilities, exploits and threats in play over last year. The report, compiled by the team of security analysts at the Skybox® Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.

Key findings from the report include:

  • New backdoor samples quadrupled
  • OT advisories grew by over 50 percent
  • The number of new cryptomining samples halved between 2018 and 2019
  • Compared to 2018’s figures, vulnerabilities within Microsoft OSs increased by 66 percent in 2019

Ron Davidson, VP of R&D and CTO for Skybox Security commented on the increase in new OT advisories. “The need for greater protections within OT networks is clearer than ever: not only has a record number of new OT advisories been disclosed by ICS-CERT, the technology is also increasingly exposed to IT vulnerabilities as it becomes unavoidably linked with more internet-connected devices and applications. In order to combat this increasing threat, security teams need to find ways to passively discover vulnerabilities within OT networks and find alternatives to patching when patching isn’t an option.”

The decline in creation of new cryptomining samples is also notable. Last year, cryptominers became criminals’ malware of choice. This year, owing in large part to a global decline in the value of cryptocurrency, the creation of new miners has declined. More traditional forms of malware fill the gap left by cryptominers, with new backdoor samples becoming 2019’s top malware family, followed by ransomware (with new samples increasing by 116 percent) and botnets (with an increase of 83 percent).

Another takeaway from the report is that the volume of vulnerabilities with medium-severity Common Vulnerability Scoring System (CVSS) scores is increasing: while the total number of new vulnerability reports appears to be stabilizing – this year there was a modest rise of 3.8 percent to 17,220 new flaws – the share of medium-severity instances increased from 34 percent in 2018 to 40 percent in 2019. This increase comes at the expense of high-severity vulnerabilities, which declined by around 5 percent.

“Just because a vulnerability is classified as having medium severity, it doesn’t mean that it carries a medium risk” said Sivan Nir, Threat Intelligence Team Leader at Skybox Security. “What matters is how each vulnerability relates to the security environment that it sits in. Security teams need to stop being blinded by CVSS scores. While they’re distracted by remediating all of their critical- and high-severity vulnerabilities, they could be ignoring an exposed medium-severity vulnerability. In order to better protect their infrastructure, the CISO needs to find smarter ways of working. This starts with gaining full network visibility and enforcing exposure-based remediation strategies.”

Whether protecting against backdoors and ransomware, threats to the OT network or simply trying to keep up with what vulnerability to fix next, incorporating accurate, up-to-date threat intelligence in vulnerability management programs will give organizations they edge they need to counter a dynamic threat landscape. Skybox’s approach formalizes this into a systematic process where vulnerabilities are discovered regularly and on demand; prioritized in the context of the network, assets and threats; and remediated or mitigated in accordance with the risk they pose. Such an approach is vital to being proactive against today’s threats and adaptive to those yet to come.

To read the full 2019 Vulnerability and Threat Trends Report, click here.

About Skybox Research Lab  
The Skybox Research Lab is a team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. The Research Lab validates and enhances data through automated as well as manual analysis, with analysts adding their knowledge of attack trends, cyber events and the tactics, techniques and procedures (TTPs) of today’s attackers. Their ongoing investigations determine which vulnerabilities are being exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and other attacks exploiting client– and server–side vulnerabilities. 

For more information on the methodology behind the Skybox Research Lab and to keep up with the latest vulnerability and threat intelligence, visit 

Tweet This: Medium-severity vulnerabilities now make up 40% of all new CVSS reports. But medium-severity doesn’t = medium risk. Learn about the new dangers facing organizations in the 2020 Vulnerability and Threat Trends Report:

© 2020 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.

# # # 



Colleen Nichols
Head of Corporate Marketing for Skybox Security
571.340.0181 |

Allison + Partners for Skybox Security
United Kingdom: Daniel Couzens
+44 (0)20 7437 0227 |

About Skybox Security

Skybox provides the industry’s broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with more than 140 networking and security technologies, the Skybox® Security Suite provides comprehensive attack surface visibility and the context needed for informed action. Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world’s largest organizations.