\n<\/p>\n
\n Trend Micro research warns of threat from unpatched legacy vulnerabilities <\/p>\n
HONG KONG SAR –\u00a0Media
\u00a0<\/p>\n
Trend
\u00a0<\/b><\/p>\n
To
\u00a0<\/p>\n
“Criminals know that organizations are
\u00a0<\/p>\n
The
The
\u00a0<\/p>\n
Access-as-a-Service
\u00a0<\/p>\n
These
\nOutReach<\/a>\u00a0–\u00a014 July 2021\u00a0–\u00a0 (;),
\na global
\ncybersecurity leader, released new research
\nurging organizations to focus patching efforts on the vulnerabilities that pose
\nthe greatest risk to their organization, even if they are years old.<\/p>\n
\n
<\/p>\n
\n
<\/p>\n
\nMicro Research found that 22% of exploits for sale in underground forums are
\nmore than three years old.<\/p>\n
\n
<\/p>\n
\n
<\/p>\n
\nview a full copy of the report, The Rise and Fall of the N-day Exploit
\nMarket in Cybercriminal Underground<\/i>, please visit: <\/b>https:\/\/www.trendmicro.com\/vinfo\/hk\/security\/news\/vulnerabilities-and-exploits\/trends-and-shifts-in-the-underground-n-day-exploit-market<\/a>.<\/b><\/p>\n
\n
<\/p>\n
\n
<\/p>\n
\nstruggling to prioritize and patch promptly, and our research shows that patch delays are
\nfrequently taken advantage of,” said
\nTony Lee, head of consulting at Trend Micro Hong Kong and Macau. “The lifespan
\nof a vulnerability or exploit does not depend on when a patch becomes available
\nto stop it. In fact, older exploits are cheaper and therefore may be more
\npopular with criminals shopping in underground forums. Virtual patching remains
\nthe best way to mitigate the risks of known and unknown threats to your
\norganization.”<\/p>\n
\n
<\/p>\n
\n
<\/p>\n
\nreport reveals several risks of legacy exploits and vulnerabilities, including:<\/p>\n\n
\noldest exploit sold in the underground was for CVE-2012-0158, a Microsoft RCE.<\/li>\n
\nknown as the Dirty Cow exploit, is still ongoing after five years.<\/li>\n
\n2020, WannaCry was still the most detected malware family in the wild, and
\nthere were over 700,000 devices worldwide vulnerable as of March 2021.<\/li>\n
\nof cybercriminals looked to target Microsoft products in the past two years.<\/li>\n<\/ul>\n
\n
<\/p>\n
\nreport also reveals a decline in the market for zero-day and N-day
\nvulnerabilities over the past two years. This is being driven in part by the
\npopularity of bug bounty programs, like Trend Micro’s Zero Day Initiative, and
\nthe rise of Access-as-a-Service \u2013 the new force in the exploit market.<\/p>\n
\n
<\/p>\n
\n
<\/p>\n
\nhas the advantages of an exploit, but all the hard work has already been done
\nfor the buyer, with underground prices starting at $1000USD.<\/p>\n
\n
<\/p>\n
\n
<\/p>\n
\ntrends are combining to create greater risk for organizations. With nearly 50
\nnew CVEs released per day in 2020, the pressure on security teams to prioritize
\nand deploy timely patches has never been greater \u2013 and it’s showing. Today, the
\ntime to patch averages nearly 51 days for organizations patching a new
\nvulnerability. To cover that gap in security protection, virtual
\npatching<\/a> is
\nkey. It is based on intrusion prevention technology and offers a hassle-free
\nway to shield vulnerable or end-of-life systems from known and unknown threats
\nindefinitely.<\/p>\n
\n
\n
\n
<\/p>\n