Mid-year report says vulnerabilities up 22% in 2020

Skybox Security released a midyear update to its 2020 Vulnerability and Threat Trends Report. Per the report, not only have new ransomware and trojan samples soared during the pandemic, but vulnerability reports are also likely to hit a new record in 2020.

According to Skybox Security, organizations’ rush to create remote workforces and secure expanded network perimeters while also facing under-resourced security programs amid the coronavirus outbreak has given cybercriminals and nation-state threat actors leverage.

“While organizations were vulnerable and distracted, hackers developed new ransomware samples and advanced existing tools to attack critical infrastructure — including vital research labs and health care organizations,” says the report.

In the first half of 2020, over 9,000 new vulnerabilities were reported, marking a 22% increase in reports published over the same period in 2019. Skybox Security says we’ll see more than 20,000 new vulnerabilities this year too.

Vulnerabilities on mobile operating systems have increased by 50% during these first six months too. Skybox Security says this surge is driven solely by Android flaws. Skybox Security also attributed the rise in vulnerabilities to individuals and organizations blurring the line between corporate and personal networks during this shift to remote working.

New ransomware and malware samples have soared amid the COVID-19 pandemic too, though Skybox Security claims cryptocurrency miners and worms have had fewer new samples created compared to 2019.

“These trends should focus the need for organizations to improve access controls and gain visibility of all ingress and egress points to their network infrastructure,” the report states.

A drastic increase in vulnerabilities can overwhelm IT teams. To prepare for such vulnerabilities, Skybox Security recommends having an infrastructure-wide view of corporate assets, aalyzing network paths and access to critical systems, addressing critical risk vulnerabilities on vital assets and secure configuration of VPN, firewalls, security and networking devices, and all other gateways.

The report explains further, “The best form of defense against ransomware attacks is to ensure that they never happen in the first place. This can be achieved by modeling your entire attack surface — including infrastructure, assets and vulnerabilities — to gain full and unerring visibility over your entire security environment, understanding the context that surrounds your critical assets and vulnerabilities, and establishing remediation strategies that empower you to target your most exposed flaws before criminals can exploit them.”