
In the same 'Palo Alto 2022 Unit 42 Incident Response Report' | Vulnerability Management and more

In the same "Palo Alto 2022 Unit 42 Incident Response Report" there is one more interesting point: the groups of vulnerabilities that were most often exploited in attacks. "For cases where responders positively identified the vulnerability exploited by the threat actor, more than 87% of them fell into one of six CVE categories."

CVE categories:

• 55% Microsoft Exchange ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207)
• 14% Log4j
• 7% SonicWall CVEs
• 5% Microsoft Exchange ProxyLogon (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
• 4% Zoho ManageEngine ADSelfService Plus (CVE-2021-40539)
• 3% Fortinet CVEs

• 13% Other

On the one hand, this can be used to prioritize vulnerabilities. And also to identify software and software groups that need special monitoring. I would also like to look at the vulnerabilities in the Other category. But unfortunately they are not included in the report.
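To make the prioritization idea concrete, here is an added Python example (not from this post or from Unit 42) that ranks constructed scanner findings by the report's exploitation share first and by CVSS only as a tie-breaker; the category shares and CVE ids come from the list above, while the product-name matching for Log4j, SonicWall and Fortinet, the `Finding` structure and the `CVE-PLACEHOLDER` ids are assumptions.

```python
from dataclasses import dataclass

# Share of IR cases per exploited-CVE category, as quoted from the 2022 Unit 42 report above.
UNIT42_SHARE = {
    "Exchange ProxyShell": 0.55,
    "Log4j": 0.14,
    "SonicWall": 0.07,
    "Exchange ProxyLogon": 0.05,
    "Zoho ManageEngine ADSelfService Plus": 0.04,
    "Fortinet": 0.03,
}

# CVE ids the report names explicitly; the other categories are matched by product name (assumption).
CVE_CATEGORY = {
    **dict.fromkeys(["CVE-2021-34473", "CVE-2021-34523", "CVE-2021-31207"], "Exchange ProxyShell"),
    **dict.fromkeys(["CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065"], "Exchange ProxyLogon"),
    "CVE-2021-40539": "Zoho ManageEngine ADSelfService Plus",
}
PRODUCT_CATEGORY = {"log4j": "Log4j", "sonicwall": "SonicWall", "fortinet": "Fortinet"}

@dataclass
class Finding:
    asset: str
    cve: str
    product: str
    cvss: float

def category_of(f: Finding):
    """Map a finding to a Unit 42 category by CVE id first, then by product name; None if not in the report."""
    if f.cve in CVE_CATEGORY:
        return CVE_CATEGORY[f.cve]
    name = f.product.lower()
    return next((cat for key, cat in PRODUCT_CATEGORY.items() if key in name), None)

def rank(findings: list) -> list:
    """Findings with observed exploitation come first (higher share first); CVSS only breaks ties."""
    return sorted(findings, key=lambda f: (UNIT42_SHARE.get(category_of(f), 0.0), f.cvss), reverse=True)

# Constructed scanner export; CVE-PLACEHOLDER ids stand in for CVEs the report does not name.
SAMPLE = [
    Finding("db04", "CVE-PLACEHOLDER-1", "PostgreSQL", 9.9),
    Finding("app02", "CVE-2021-40539", "ManageEngine ADSelfService Plus", 9.8),
    Finding("web03", "CVE-PLACEHOLDER-2", "Apache Log4j", 10.0),
    Finding("mail01", "CVE-2021-34473", "Microsoft Exchange Server", 9.8),
]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{f.asset:7} {category_of(f) or 'not in report':40} cvss={f.cvss}")
```

Note that `db04` has the highest CVSS of the set but lands last, because the report gives no exploitation evidence for it.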

On the other hand, it shows how strongly these vulnerabilities and incidents depend on a particular region. Well, of course, Microsoft Exchange is used everywhere. Log4j has also affected almost every organization in one way or another. Perhaps in our region, I mean in Russia, some organizations use Fortinet. But SonicWall and Zoho look absolutely exotic. And in those locations where Unit 42 handles incident response cases, these are very important vendors and products.

Or we can remember last year's story with Kaseya VSA. Thousands of companies were affected by the ransomware. But again, it was not in our region and therefore it was not particularly interesting for us.

Taking into account the exodus of Western vendors from the Russian IT market, the landscapes "here" and "there" will differ more and more. More and more incidents in Russia will occur due to vulnerabilities in our local software, in software that Western information security vendors may never have heard of. BTW, have you heard about 1C (Odin-Ass)? And it works both ways. Does this mean that in Russia we will need Vulnerability Management solutions focused on our Russian IT realities? Well, apparently yes. And something tells me that this will not only happen in Russia.

It seems that the time of total globalization in IT is running out. And the ability of VM vendors to relatively easily take positions in new regions is also disappearing. The great fragmentation is coming. But it will be even more interesting that way.

Russian version

@avleonovcom #VMnews #PaloAlto