New vulnerabilitites Trend Report: “Companies keep making life easier to attackers”

Florence Broderick    29 January, 2016

You can now download the “New 2014-2015 Vulnerability Trend Report” by ElevenPaths’ Analyst Team. This vulnerability trend report analyses the data of over 100 companies, thus representing the main activity sectors and geographical regions for the period 2014-2015.

The report shows the critical points which the companies must focus on in order to improve their security level. The 85% of the results obtained correspond to 5 specific vulnerabilities, shown below:

Information Management Errors and Leakages on Metadata
These errors appear when organizations perform an inadequate information management turning their private data public. Below it is shown our conclusions after the analysis of this data:

  • Lack of awareness regarding the risks and issues in this sense. The cybercriminals plan their attacks based on an initial phase which identifies the target where the information can be obtained in order to arrange the subsequent actions.
  • The human factor is still being used by the attackers as an entry point, thereby performing targeted-phishing campaigns, resulting from information leakages on metadata.

Configuration error
The 78,56% of the vulnerabilities detected show that the majority of the failures are found on the system and application configuration itself. The origin of most vulnerabilities analyzed does not come from existent vulnerabilities resulting from code failures by the developers, but the performance of bad practices carried out by the system and application administrators during the configuration phase.

Code injections, XSS and Cryptographic Issues
The vulnerabilities caused by the Improper input validation (code injections, XSS among others) and Cryptographic issues are well known in the security world and have been widely broadcasted by the mass media.

The analysis performed on the results obtained demonstrate yet again that these type of errors still remain a high risk security problem for organizations.

You may also be interested on:

Leave a Reply

Your email address will not be published. Required fields are marked *