Majority of vulnerabilities now being exploited

Exploit rate nears 60 percent for first time, says report.

By John Dunn | Techworld
Published: 17:08 GMT, 07 July 09

The number of exploits being written to target specific software vulnerabilities could be at all-time highs, new threat figures have suggested.

Fortinet's Threatscape report for June, which actually covers the period between 21 May and 20 June, reveals that of the 108 new vulnerabilities added to its firewall intrusion detection system in the period, 62 were being actively exploited.

This is equivalent to a 57.4 percent exploit rate, a rise over previous months and in line with increasing percentages and absolute numbers for recent months. For comparison, April-May exploit rates stood at 46.4 percent, with March-April at 31.3 percent.

Of the top 10 most common vulnerabilities noted by Fortinet, two were rated as ‘critical', the highest threat level, seven were rated as ‘high', and one as ‘medium'. The vast majority of the vulnerabilities target holes in desktop software rather than on servers or other types of equipment.

The deeper question is why the rise has happening given that some of the exploits involve tricky, time-consuming programming on the part of the malware writers. Could it be that better patching frequency has driven malware writers have to exploit a wider variety of vulnerabilities in the hope of finding a successful one?

Fortinet's threat response team head, Guillaume Lovet, thinks not.

"I have a feeling it is more to do with a shift in strategy," he said. "It is more a consequence of the behaviour of people." According to Lovet, more influential was that old-style malware distribution had failed because ordinary users were now far less likely to click on attachments and links embedded in emails than they would have been in the past.

The key advantage for malware writers was that exploits required little and in some cases no user interaction. "With exploits you don't need users to click on links."

This interpretation, even based on one company's data and vulnerability set, suggests a bleak outlook for PC protection. Greater numbers of vulnerabilities are being exploited over time, something that patching can't keep up with because it takes time to patch the world's population of Windows machines, and that leaves an opportunity window. The only solution is better-written software but that will take precious time.

Comment

What are your views on this subject? Use the form below to post a comment on this article up to 500 characters.

Characters remaining: 500

Related Security news

Black hole discovery could boost quantum computers

String theory of gravity connected to entanglement

03 September 2010

Onapsis to launch ERP vulnerability testing suite

The software searches for vulnerabilities, looks for compliance problems and creates reports

Women are better at protecting corporate secrets

Defcon social engineering contest finds most people give up secrets to strangers

Facebook introduces new security measures to kick out spammers

Users will be able to use IP info to confirm if their account has been hacked in to and reset passwords

Related Security reviews

M0n0wall review

AS Communication Gateway review

LOK-IT flash PIN drive

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

IT Manager's guide to buying an anti-spam solution

With these ten critical questions as your guide, you can cut through the marketing hype and zero in on the key features and benefits that should guide your decision.

Download Whitepaper

Unleashing cloud performance

While cloud services aim to eliminate cost and complexity from the world of enterprise IT, the unintended consequences of these services may do exactly the opposite if not carefully planned for.

Download Whitepaper

Online PC backup

This paper looks at the need for laptop and desktop data protection and, based upon recent IDC research, the key requirements firms should consider in evaluating enterprise-level online PC backup solutions.

Download Whitepaper

Protecting your business, customers, and the bottom line

Download this whitepaper to find out more about how you can protect your business from malware.

Download Whitepaper

Techworld UK - Technology - Business

Oracle Video

Enabling agile and intelligent businesses

 Changing markets, competitive pressures and evolving customer needs are placing increasing pressure on IT to deliver greater flexibility and speed. Explore truly flexible SOA foundations with this Oracle video.

Watch
AMD LGF

AMD Opteron™ Resource Centre

Set the foundations for higher speed processing, low energy consumption whilst delivering flexibility and value to your organisation.

Learn More

Win an iPad

How do you view and share technology related content and information? Tell us in our 2010 Media Usage Survey and you could win an iPad.

Complete the survey here

Site Map

IDG Network

* *