Known, unpatched flaws draw most attacks, Kaspersky says
Cybercriminals still make extensive use of known vulnerabilities, even as zero-day attacks continue to rise.
In joint research carried out by Kaspersky Lab and Outpost24, unpatched loopholes continue to be a popular means of carrying out attacks.
Kaspersky Lab global research and analysis team senior security researcher, David Jacoby, said that this is situation is leading cybercriminals to hack the people that manage the system instead of a business system itself. (See also "How to protect your PC against devious security traps."
"The results are a wake-up call for those searching for tailored security solutions that cover the 'threats of tomorrow,'" he said. "It highlighted that training your staff to be prudent is just as important."
Despite companies paying for a dedicated service to look after their security, the research found some corporate systems remained unpatched and vulnerable for a decade.
Even so, Jacoby said that hotels and privately owned companies have so far "shown a greater awareness and security" than government organizations.
A global issue
Outpost24 chief security officer Martin Jartelius said the joint research highlights how unsophisticated attacks on corporate networks can have an effect without resorting to expensive zero-day exploits.
"Whether it's exploiting poor security practices, misconfigured security devices, or staff that lack security training, companies should understand that it is possible to gain control of most parts of the organization, even though no new attacks or methods are used," he said.
Jartelius adds that the time from when a vulnerability is detected to when it is patched is "almost uniform in every country," indicating that this is a global trend.
"It is therefore essential to shift the approach to security from stand-alone tools to integrated solutions as part of business processes," he said.