Vulnerability exploitation has become the most common attack vector for cybercriminals, constituting one of the top 5 cybersecurity risks. Effective vulnerability management requires a proactive approach, harnessing threat intel directly from the underground to help you address the most critical vulnerabilities before threat actors can strike.
An important milestone was noted by IBM in their 2021 report: X-Force Threat Intelligence Index. According to Big Blue, last year vulnerability exploitation (35%) surpassed phishing (31%) as the most common attack vector for cybercriminals. This was disclosed in a Cybersixgill report that highlights the top 5 cybersecurity risks, written by Brad LaPorte, a former Gartner Senior Director Analyst and Cybersecurity Industry Expert.
How do you deal with vulnerabilities? You patch them. But with over 18,300 vulnerabilities discovered just in the year 2020, another 10,400 found in the first half of 2021, and the tens of thousands that have been cataloged in previous years, you can't patch them all. We even referred to Vulnerability Management in this column a few months ago as a never-ending Whack-A-Mole game. Each patch also takes time, with most taking teams up to 12 days of work to apply the patch across all devices.
If you can't patch all the vulnerabilities, then a decisive strategy should be put in place to manage the vulnerabilities that specifically threaten your network. One cyber company I know had a team of top analysts dedicated to constantly scouring the dark web for mentions of specific types of vulnerabilities. These Common Vulnerability and Exposures (CVEs) would be collected, put into a weekly report, and then distributed to clients. But there was a time lag between the discovery of the vulnerability to the writing up and distribution of the critical information. Due to the enormous number of vulnerabilities and having to pass them person-to-person to get them registered and highlighted, they realized an automated solution would significantly improve their efficiency and ultimately, their security. Understanding that automation is the key to strengthening their security, this company later joined up to become a partner with Cybersixgill.
PRIORITIZE YOUR PATCHING CYCLES FOR EFFECTIVE CYBERSECURITY
There is an industry standard used for assessing the threat level of vulnerabilities called the Common Vulnerability Scoring System, or CVSS. These scores are managed by FIRST.Org, Inc., a US-based non-profit organization, whose "mission is to help computer security incident response teams across the world." CVSS scores rank vulnerabilities from 0 – 10 in terms of severity. Yet there are three inherent problems with threat intelligence teams solely relying on CVSS scores:
There is a lag between the vulnerability being discovered and a CVSS score being assigned.
The scores do not factor in the possibilities of how likely the vulnerability is to be exploited by threat actors.
Once assigned, the CVSS score rarely changes, so a later surge in popularity of the vulnerability among attackers would not be correctly represented.
To fill this vacuum, Cybersixgill created the DVE Score, which analyzes discourse in the cybercriminal underground to provide an accurate and real-time assessment of the immediate risks of each vulnerability based on threat actor intent. We use our ability to automate all discussions on the deep and dark web, combining intel from the underground with intelligence from sources such as code repositories, surface web sites and instant messaging platforms, to produce a score predicting the probability of vulnerability exploitation over the next 90 days. Advanced algorithms integrated into the DVE assessment include Natural Language Processing capacities, translating discussions in any and all languages, as well as OCR image-to-text capture.
Each score includes critical insights and attributes, detailing the full history of activity surrounding the vulnerability, as well as the sources for each intel item and the threat actors behind each post. This intel is further enriched with comprehensive context surrounding the reputation, profile, peer interactions and history of each threat actor, providing full visibility into their social networks and primary areas of activity. This results in a vulnerability ranking which changes in accordance with real-time developments and interest in cybercriminal communities. With this valuable intelligence in hand, now you can have a better handle on which patches require your company time and team's attention. Setting your team's priorities when it comes to chasing myriad vulnerabilities is a lot more effective than playing Whack-A-Mole.
Get the full eBook to learn about The Top 5 Risks and how to prevent and protect with threat intelligence.