In our 2016 security roundup report, A Record Year for Enterprise Threats, we talked about the vulnerability landscape during the year and what trends we saw.
Let’s look at some of the key aspects of what we saw in 2016.
1. Trend Micro’s Zero Day Initiative (ZDI), with the support of its 3,000+ independent vulnerability researchers, discovered and responsibly disclosed 678 vulnerabilities in 2016. There were some interesting trends, as can be seen in the figures below:
2. Within the exploit kit market, we saw a number of changes take place. The Angler exploit kit ceased operations after a number of actors were arrested in Russia. Neutrino tried to take its place, but that appeared to be fleeting, as can be seen in the chart below.
3. We also saw a decrease in the number of new vulnerabilities being added to exploit kits in 2016, which does not necessarily mean exploit kits are less effective. We regularly see older vulnerabilities used within exploit kits because these still appear to work for compromising systems. What we did see in 2016 was greater use of ransomware within exploit kits as the primary infection option.
While we saw both increases and decreases in the number of vulnerabilities from respective vendors, what is true is that threat actors will continue to utilize exploits to infect their victims. People and organizations should not assume that, because we saw some decreases, they can take longer to patch their systems. Patch management is as critical today as ever before, and virtual patching can be used to allow more time to manage the patch from the vendor.
In the cases where ZDI managed the disclosure process, they were able to protect TippingPoint NGIPS customers on average 57 days prior to the vendor’s release of their patch.