Financially motivated cybercriminals always go for low–hanging fruit. That means leveraging existing attack tools rather than developing new ones, using the same attack on as many victims as possible and targeting mass amounts of devices. Research shows that in the last few months, those “fruits” have started to include assets that are generally more difficult to patch: servers.
According to Skybox Security’s inaugural Vulnerability and Threat Trends Report, during 2017, the vast majority of exploits affected server-side applications (76%), up 17 points since 2016. At the same time, the number of known vulnerabilities doubled.
That’s savvy, because for enterprises, dealing with server-side vulnerabilities is always more difficult: the higher-value assets require more consideration than simply if there is a patch available or not. “As more functions rely on servers than on clients, organizations need to have the means to understand these server–side vulnerabilities in the context of the asset criticality, the surrounding topology and security controls and the exploit activity in the wild,” said Skybox Security CTO Ron Davidson. “Only then can they accurately decide the optimal patching priority and schedule.”