Organizations are More Susceptible to Known Vulnerabilities in Comparison to Zero-Day Flaw

Organizations are More Susceptible to Known Vulnerabilities in Comparison to Zero-Day Flaw
This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents




A study of APT hacking campaigns conducted from 2008 to 2020 by University of Trento security researchers indicates enterprise IT security admins should worry most about fixing their systems for known vulnerabilities, rather than chasing a patch for every zero-day flaw that emerges.  The researchers analyzed the impact of 86 APTs and 350 attack campaigns and debunked the belief that all APTs are highly sophisticated and prefer targeting zero-day flaws rather than ones that have already been patched.  “Contrary to common belief, most APT campaigns employed publicly known vulnerabilities,” researchers Giorgio Di Tizio, Michele Armellini, and Fabio Massacci wrote in the report published on the pre-print server arXiv.  Indeed, out of the 86 APTs they examined, only eight – known respectively as Stealth Falcon, APT17, Equation, Dragonfly, Elderwood, FIN8, DarkHydrus, and Rancor – exploited CVEs were not used by anybody else. This demonstrates that not all the APTs are as sophisticated as many thinks, as the groups “often reuse too[…]Content was cut in order to protect the source.Please visit the source for the rest of the article.






Read the original article:




Share this:




Like this:


Like Loading...

Tags:



Support the originator by clicking the read the rest link below.