Researchers find APT campaigns share known vulnerabilities

Zero-day hunting might not be the best strategy.

A study of several years of Advanced Persistent Threat (APT) campaigns suggests enterprise IT security admins should worry most about patching their systems for known vulnerabilities, rather than chasing a fix for every zero-day that emerges.

Researchers from the University of Trento in Italy worked on assessing what software update strategy might best defend against APTs – in particular, whether every patch should be applied as soon as it becomes available.

The good news for enterprise IT management is that a focus on known vulnerabilities is nearly as safe as trying to get every zero-day patched as soon as possible.

Publishing their work on the pre-print server arXiv, academics Giorgio Di Tizio, Michele Armellini, and Fabio Massacci note that “in practice, enterprises must do regression testing before applying an update” – and that means immediate patches are rarely possible.

The researchers quantified the impact of 86 APTs and 350 attack campaigns from 2008 to 2020, and found the majority of campaigns try to exploit known vulnerabilities.

Of the 86 APTs they examined, only eight – known respectively as Stealth Falcon, APT17, Equation, Dragonfly, Elderwood, FIN8, DarkHydrus and Rancor – exploited CVEs not used by anybody else.

Other actors tend to share vulnerabilities: 17 APT groups shared four or more vulnerabilities, the researchers found, and overall 35 percent of APTs shared at least one CVE.

That focus on known vulnerabilities means “one could perform 12 percent of all possible updates restricting oneself only to versions fixing publicly known vulnerabilities without significant changes to the odds of being compromised, compared to a company that updates for all versions”, the paper stated.
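The sharing analysis the article describes (which groups rely only on CVEs nobody else uses, how many groups share at least one CVE, and which CVEs are exploited by the most actors) is simple to reproduce on your own threat-intelligence data. The following is an added example, not code from the article or from the Trento paper; the group names and CVE identifiers in it are constructed placeholders, and the patch-priority ranking by number of distinct actors is an assumption about how a defender would turn the finding into a triage order.

```python
"""Added example (not from the iTnews article or the Trento paper): given a
constructed mapping of APT groups to the CVEs their campaigns exploited,
compute the sharing statistics the article reports on and rank CVEs for
patching by how many distinct actors use them."""
from collections import defaultdict

# Constructed sample data. Group names are placeholders and the CVE ids are
# illustrative placeholders, not identifiers taken from the article.
SAMPLE_CAMPAIGNS = {
    "GroupA": {"CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0003"},
    "GroupB": {"CVE-0000-0001", "CVE-0000-0004"},
    "GroupC": {"CVE-0000-0002", "CVE-0000-0003", "CVE-0000-0005"},
    "GroupD": {"CVE-0000-0009"},  # exclusive: no other group uses this CVE
    "GroupE": {"CVE-0000-0001", "CVE-0000-0002"},
}


def cve_usage(campaigns):
    """Return {cve: set of groups that exploited it}."""
    usage = defaultdict(set)
    for group, cves in campaigns.items():
        for cve in cves:
            usage[cve].add(group)
    return dict(usage)


def exclusive_groups(campaigns):
    """Groups whose every CVE is used by no other group, i.e. the article's
    'exploited CVEs not used by anybody else'."""
    usage = cve_usage(campaigns)
    return sorted(
        group for group, cves in campaigns.items()
        if cves and all(len(usage[cve]) == 1 for cve in cves)
    )


def sharing_stats(campaigns):
    """Per-group count of CVEs shared with at least one other group, and the
    fraction of groups that share at least one CVE."""
    usage = cve_usage(campaigns)
    shared_per_group = {
        group: sum(1 for cve in cves if len(usage[cve]) > 1)
        for group, cves in campaigns.items()
    }
    n_sharing = sum(1 for count in shared_per_group.values() if count > 0)
    return shared_per_group, n_sharing / len(campaigns)


def patch_priority(campaigns):
    """CVEs ordered by how many distinct actors exploit them (assumed triage
    order: a CVE used by several groups is patched before an exclusive one).
    Ties are broken by CVE id so the order is deterministic."""
    usage = cve_usage(campaigns)
    return sorted(usage, key=lambda cve: (-len(usage[cve]), cve))


if __name__ == "__main__":
    print("exclusive groups:", exclusive_groups(SAMPLE_CAMPAIGNS))
    per_group, fraction = sharing_stats(SAMPLE_CAMPAIGNS)
    print("shared CVEs per group:", per_group)
    print(f"groups sharing at least one CVE: {fraction:.0%}")
    print("patch priority:", patch_priority(SAMPLE_CAMPAIGNS))
```

Feeding the same functions a real actor-to-CVE mapping (for example one exported from an internal threat-intelligence platform) gives the list of CVEs to regression-test and deploy first, which is the practical consequence of the paper's finding that most campaigns reuse publicly known vulnerabilities.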

They found that enterprises following an immediate patch strategy “could still be compromised from 14 percent to 33 percent of the time”.

Copyright © iTnews.com.au . All rights reserved.