To delve deeper into this challenge, Secunia has compared different patching strategies under the assumption of limited resources. Measurements demonstrate that an intelligent patching strategy can result in increased resilience against exploits; lowering risk levels by up to 80% and maximizing operational efficiency.
An attacker’s mind-set
Cybercriminals are constantly refining their tactics in line with the evolution of the industry and it could therefore be stated that an opportunity for a cybercriminal is represented by the following formula: Opportunity = #Hosts x #Vulnerabilities.
The number of hosts certainly correlates with the 2 billion users with Internet access – a number which has increased by more than 400% in the last decade. With such a huge amount of Internet users, it becomes clear that end-points are being increasingly targeted as even the smallest rate of success of an attack translates into a considerable number of compromised systems.
Corporate and private end-points are both extremely rewarding targets for cybercriminals. End-points are difficult to defend due to their dynamic environments and the unpredictable usage patterns by users. End-points are also highly valuable as they are the location where the most valuable data is found to be the least protected – e.g. access to all data needed to conduct an organisation’s business. Even if no sensitive data is present, the end-point’s computing power and bandwidth provide valuable resources, for example as an infection point, proxy, or for distributed password cracking services.
In other words, everyone who uses the Internet – around 31% of the Earth’s population – is a target.
Evolving vulnerability risks
The recent white paper, ‘How to Secure a Moving Target with Limited Resources’ by Secunia tracks a representative end-point comprising the operating system (Windows XP) and a software portfolio with the industry’s top 50 most prevalent programs. This representative portfolio has programs from 14 different vendors installed: 26 programs from Microsoft and 24 programs from third-parties (non-Microsoft).
To measure the number of vulnerabilities per host, data gathered from over 3 million users of Secunia’s free, lightweight scanner that identifies and patches insecure programs on end-points, is used. The analysis of this data reveals an alarming trend – the number of vulnerabilities affecting this typical end-point increased by 71% in the last year. These findings suggest that end-points are increasingly targeted with the majority of vulnerabilities exploitable from remote, thereby providing direct system access to the attacker.