Trend Micro Study: Old vulnerabilities pose great risk. Around a quarter of the exploits traded in the cybercriminal underground are over three years old.
Trend Micro, one of the world's leading providers of cybersecurity solutions, publishes a new study calling on companies to focus their patching measures on the vulnerabilities that pose the greatest risk to their business - even if they are several years old are.
3 year old exploits are still sought after
Trend Micro Research found that 22 percent of exploits traded on underground forums are more than three years old. The report highlights several risks from legacy exploits and vulnerabilities, including:
- The oldest exploit sold underground was for CVE-2012-0158, a so-called Microsoft Remote Code Execution Exploit (RCE) from 2012.
- CVE-2016-5195, better known as the "Dirty Cow Exploit", remains current even after five years.
- In 2020, WannaCry was still the most widely reported malware family in circulation, with over 2021 infected devices worldwide as of March 700.000. WannaCry has been spreading since 2017.
- 47 percent of cyber criminals targeted Microsoft products in the past two years.
“Cyber criminals know that companies have difficulty patching their systems as quickly as possible and prioritizing this process. Our research shows that patch delays are often exploited, ”explains Richard Werner, Business Consultant at Trend Micro. “The lifespan of a vulnerability or an exploit does not depend on when a protective patch is available. Rather, older exploits are cheaper and may therefore be more popular with attackers who shop in underground forums. Virtual patching is the best way to minimize the risks of known and unknown threats to businesses. "
Decrease in zero-day and n-day vulnerabilities
The study also shows a decline in the market for zero-day and n-day vulnerabilities over the past two years. This development is due in no small part to the popularity of bug bounty programs such as Trend Micro's Zero Day Initiative. The rise of Access-as-a-Service, the new driver in the exploit market, is also having an impact. Access-as-a-Service describes the sale of illegal access to previously hacked (corporate) networks or devices on virtual underground marketplaces. This “service” has the advantages of an exploit, but all of the laborious work of gaining access to systems has already been done for the buyer. The underground prices start at less than 1.000 euros.
50 new vulnerabilities per day
These current developments lead to greater risk for companies. With nearly 50 new known Common Vulnerabilities and Exposures (CVEs) released per day in 2020, the pressure on security teams to prioritize patches and deliver them in a timely manner has never been greater. It currently takes an average of almost 51 days for a company to patch a new vulnerability. One possibility to close this protection gap is virtual patching. By using this technology in intrusion prevention systems (IPS), companies can protect their systems against both known and previously unknown threats.
The full report, The Rise and Fall of the N-day Exploit Market in Cybercriminal Underground, is available online in English.
More at TrendMicro.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.