The Trustwave Global Security Report for 2014 was recently released. There are a number of very useful and insightful statistics in this report, which we can corroborate, based on our assessments of numerous organizations’ networks. We wanted to highlight a few of these statistics below:
Top 10 Internal Network Penetration Test Vulnerabilities
– which include weak passwords, shared accounts, and unencrypted storage
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’center’]
Top 10 External Network Penetration Test Vulnerabilities
– which include default SNMP strings and weak passwords:
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’center’]
Top 10 Web Application Vulnerabilities
– including path traversal, authentication bypass, SQL injection, unencrypted pages and XSS, just showing that the OWASP top 10 is alive and well
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’center’]
Passwords were the cause of a compromise 31% of the time
– it’s time to start upping the requirements for password length and complexity
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’center’]
Criminals relied most heavily on
Java applets as a malware delivery method
– Java and Adobe often have the top number of vulnerabilities when we assess an organization. Patch schedules for these products are essential.
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’center’]
71% of victims did not detect a breach themselves
– who wants their client notifying them of a breach. It’s time to implement defense in depth strategies with IDS/IPS protection and SIEM solutions
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’center’]
67% of victimes were able to contain a breach within 10 days upon discovery, however, the median number of days
from intrusion to detection was 87
– organizations just need to know it happened; in general they can handle the situation well once they know
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’center’]
Top Intrusion Indicators Include:
anomalous account activity, unexplained or suspicious outbound data, new and/or suspicious files dropped, geographic anomalies in logins, registry changes, log tampering, anti-virus tampering, services added/stopped/paused and more
– learning to recognize these signs or implementing tools that correlate these types of events can help in self detection
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’center’]
Over 13 client side zero-day vulnerabilities
were actively exploited in 2013
– again, it is essential to have a patching procedure
for third party plugins and apps
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’center’]
78% of detected exploits were Java related
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’center’]
Botnet analysis showed a continuing trend of using common and compromised passwords across multiple sites
– consider auditing for passwords that should not be allowed in your organization
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’center’]
Microsoft SQL Server was the only database that did not experience any known vulnerabilities in 2013
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’center’]
Android and iOS both had a number of vulnerabilities
– don’t assume that something is more secure based on social stigma, make sure all of your mobile devices are managed
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’center’]
In conclusion, I suggest everyone take a look at this report and take note of some of the recurring elements in any of these reports. Organizations need stronger passwords and they need to patch their stuff. Those two steps alone will mitigate a number of risks.
You can download the full report here.
