Majority of vulnerabilities now being exploited

Exploit rate nears 60 percent for first time, says report.


The number of exploits being written to target specific software vulnerabilities could be at all-time highs, new threat figures have suggested.

Fortinet's Threatscape report for June, which actually covers the period between 21 May and 20 June, reveals that of the 108 new vulnerabilities added to its firewall intrusion detection system in the period, 62 were being actively exploited.

This is equivalent to a 57.4 percent exploit rate, a rise over previous months and in line with increasing percentages and absolute numbers for recent months. For comparison, April-May exploit rates stood at 46.4 percent, with March-April at 31.3 percent.

Of the top 10 most common vulnerabilities noted by Fortinet, two were rated as 'critical', the highest threat level, seven were rated as 'high', and one as 'medium'. The vast majority of the vulnerabilities target holes in desktop software rather than on servers or other types of equipment.

The deeper question is why the rise is happening, given that some of the exploits involve tricky, time-consuming programming on the part of the malware writers. Could it be that better patching frequency has driven malware writers to exploit a wider variety of vulnerabilities in the hope of finding a successful one?

Fortinet's threat response team head, Guillaume Lovet, thinks not.

"I have a feeling it is more to do with a shift in strategy," he said. "It is more a consequence of the behaviour of people." According to Lovet, the more influential factor was that old-style malware distribution had failed because ordinary users were now far less likely to click on attachments and links embedded in emails than they would have been in the past.

The key advantage for malware writers was that exploits required little and in some cases no user interaction. "With exploits you don't need users to click on links."

This interpretation, even based on one company's data and vulnerability set, suggests a bleak outlook for PC protection. Greater numbers of vulnerabilities are being exploited over time, something that patching can't keep up with because it takes time to patch the world's population of Windows machines, and that leaves an opportunity window. The only solution is better-written software but that will take precious time.

