Top 10 breaches of 2014 attacked ‘old vulnerabilities’

A report by HP has found that 44 percent of known breaches in 2014 were caused by vulnerabilities between two and four years old.

In fact, The Cyber Risk Report 2015 highlights that every one of the top 10 vulnerabilities exploited in the year just gone took advantage of code that was years – and in some cases decades – old, suggesting that for hackers, known ‘tried and tested’ exploits remain the low-hanging fruit.

Art Gilliland, senior vice president and general manager of Enterprise Security products at HP, told Tech Europe, “Many of the biggest security risks are issues we’ve known about for decades, leaving organizations unnecessarily exposed.”

“We can’t lose sight of defending against these known vulnerabilities by entrusting security to the next silver bullet technology; rather, organizations must employ fundamental security tactics to address known vulnerabilities and in turn, eliminate significant amounts of risk.”

IT Pro Portal notes that the majority of exploits are “defects, bugs and logic flaws,” but adds that the main weaknesses all stem from a small number of software programming errors, meaning that old and new vulnerabilities are surprisingly easy for hackers to find.

Server misconfiguration was the number one vulnerability, beating out privacy and cookie security issues. It frequently gave hackers access to files, leaving organizations open to damaging attacks.

Personal connected devices were also seen to cause security issues, with the quantities of mobile malware found increasing over the year. The report also mentioned now-familiar warnings about the security of Internet of Things connected devices.

The Register summarizes the overall recommendations of the report as employing “a well-thought-out patching strategy, regular penetration testing, layered security defenses, threat intelligence sharing and a strategy for introducing new technologies.”


Via: welivesecurity
