Researchers find APT campaigns share known vulnerabilities

2022-05-18


Zero-day hunting might not be the best strategy.

A study of several years of Advanced Persistent Threat (APT) campaigns suggests enterprise IT security admins should worry most about patching their systems for known vulnerabilities, rather than chasing a fix for every zero-day that emerges.

Researchers from the University of Trento in Italy worked on assessing what software strategy might best defend against APT – in particular, whether every patch should be applied as soon as it becomes available.

The good news for enterprise IT management is that a focus on known vulnerabilities is nearly as safe as trying to get every zero-day patched as soon as possible.

Publishing their work on the pre-print server arXiv, academics Giorgio Di Tizio, Michele Armellini, and Fabio Massacci note that “in practice, enterprises must do regression testing before applying an update” – and that means immediate patches are rarely possible.

The researchers quantified the impact of 86 APTs and 350 attack campaigns from 2008 to 2020, and found the majority of campaigns try to exploit known vulnerabilities.

Of the 86 APTs they examined, only eight – known respectively as Stealth Falcon, APT17, Equation, Dragonfly, Elderwood, FIN8, DarkHydrus and Rancor – exploited CVEs not used by anybody else. 

Other actors tend to share vulnerabilities: 17 APT groups shared four or more vulnerabilities, the researchers found, and overall 35 percent of APTs shared at least one CVE.

That focus on known vulnerabilities means “one could perform 12 percent of all possible updates restricting oneself only to versions fixing publicly known vulnerabilities without significant changes to the odds of being compromised, compared to a company that updates for all versions”, the paper stated.

They found that enterprises following an immediate patch strategy “could still be compromised from 14 percent to 33 percent of the time”.

Copyright © iTnews.com.au . All rights reserved.