LATEST INTELLIGENCE
2019 VULNERABILITY
AND THREAT TRENDS
RESEARCH REPORT
E
PRESENTED BY
Download whitepaper here
18
INTELLIGENTCIO
Executive summary Key findings
Vulnerabilities don’t exist in a vacuum. The risk they
pose to your organization depends on a variety
of factors both internal and external that are in a
near-constant state of change. Keeping up with
that change is vital to limiting your organization’s
risk of attack. 2018 will be remembered as the year when
cryptomining rose in prominence, overtaking
Ransomware as the cybercriminal’s tool of choice.
That’s why we publish this report – to give CISOs and
security leaders the perspective they need to see the
trends shaping the threat landscape and, in turn, their
defense strategy. The 2019 Vulnerability and Threat
Trends Report examines new vulnerabilities published
in 2018, newly developed exploits, new exploit-based
malware and attacks, current threat tactics and more.
Such analysis helps to provide much needed context
to the more than 16,000 vulnerabilities published in
the previous year. The insights and recommendations
provided are there to help align security strategies
to effectively counter the current threat landscape.
Incorporating such intelligence in vulnerability
management programs will help put vulnerabilities
in a risk-based context and focus remediation on the
small subset of vulnerabilities most likely to be used in
an attack.
Cryptomining attacks represented 27 percent
of all incidents last year, rising from 9 percent in
2017 and far surpassing ransomware’s 13-percent
share in 2018. Its rise in popularity could be owed
to the fact that cryptomining attacks are faster
to execute, generate profit for the attacker over a
longer period of time and often can occur without
the victim’s knowledge.
2018 brought more examples of exploits
derived from patches
This phenomena makes it ever more important for
security teams to track exploitability and be able
to quickly understand where and how to deploy
temporary mitigations when immediate network-
wide patching proves impossible.
Cloud security is strong but not bulletproof. While
cloud networks are relatively secure, attacks continue
to occur like that against Tesla’s AWS network in
www.intelligentcio.com