Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just launched another release of our own cybersecurity report, summarizing the most significant information from the second half of 2019. The report’s philosophy is to provide a global, targeted and useful view of the most relevant data and facts on cybersecurity. It is addressed to cybersecurity professionals and enthusiasts, in a simple and visually appealing format.
Given all the above, this report aims to summarize the latest information on cybersecurity (ranging from security on mobile phones to cyber risk, from the most relevant news to the most technical ones and the most common vulnerabilities), while covering most aspects of the field, in order to help readers understand the risks of the current outlook.
The information presented here is mostly based on the collection and synthesis of internal data that have been cross-checked against public information from sources considered to be of quality. Below we examine some points that we consider important.
#CyberSecurityReport19H2: some data
After analyzing Apple’s transparency data, one could conclude that some governments request access to data “too often”, but one could equally argue that justice works in a more agile manner in these countries, or that more fraud is based in these locations. The interpretation is open. What does seem clear are some conclusions based on these data. For instance, the interest of the Arab Emirates in removing applications that they consider illegal, even though no removal request has been granted. Moreover, it is curious that Australia, Germany, the US and South Korea are the countries that request the most personal data.
Between 2% and 3% of the apps removed by Google Play are for malware
Over this period, Google Play has removed around 250,000 apps from the market. Every month, between 2% and 3% of them are detected by two or more OPSWAT Metadefender antivirus engines.
Qihoo is undoubtedly the company that contributes most to the reporting of vulnerabilities in Microsoft products: it reports over 20% of the flaws
Around 23% of the flaws found in Microsoft products are reported by the category ‘other’, which includes small companies that do not usually report, or freelance analysts. Third place goes to Microsoft, which detects more than 12% of its own flaws. Google finds 9% of the flaws.
The engineering sector in Spain, lagging behind Europe in general
According to BitSight, the European engineering sector needs about 9 days on average to neutralize a threat, while in Spain it needs about 25.
During this second half of the year, 198 CVEs for iOS have been patched. 13 were critical and 6 of them allow arbitrary code execution.
A total of 463 vulnerabilities for Android have been published. 15 of them have a base CVSS score equal to or greater than 9, together with the possibility of executing arbitrary code.
Conficker goes down but remains, according to BitSight, one of the most aggressive threats detected in all sectors.
Download the full report here: