Prioritizing Vulnerability Remediation From Attacker’s Perspective
Bharat Jogi Senior Manager, Vulnerability & Threat Research
Vulnerabilities
[Chart: vulnerabilities per year, 2012 to 2016 (y-axis 0 to 8000)]
Vulnerabilities
A vulnerability is a flaw in the system that could provide an attacker with a way to bypass the security infrastructure.
Exploit
An exploit tries to turn a vulnerability into an actual means to breach a system.
Exploit Kits
An exploit kit or exploit pack is a type of toolkit cybercriminals use to attack vulnerabilities in systems so they can distribute malware or perform other malicious activities.
Exploit Kits
Exploit Kits Examples
Exploit and Vulnerability Trends
and how to use them to our advantage
#1 Most Affected
Oracle 11%
Google 10%
Adobe 8%
Microsoft 7%
Novell 6%
Others 58%
#2 Operating System vs Applications
Operating System Exploits 26%
Application Exploits 74%
#3 Remote vs Local
Local 15%
Remote 85%
Remote vs Local

Remote:
CVE-2016-0985  Adobe Flash Player Remote Code Execution Vulnerability (APSB16-04)
CVE-2016-10033  PHPMailer Remote Code Execution Vulnerability
CVE-2016-2004  HP Data Protector Multiple Security Vulnerabilities (HPSBGN03580)
CVE-2016-3081  Apache Struts Dynamic Method Invocation RCE Vulnerability (S2-032)
CVE-2016-3642  Solarwinds Virtualization Manager Java JMX-RMI Remote Code Execution Vulnerability
CVE-2016-6366  Cisco ASA SNMP Remote Code Execution Vulnerability (EXTRABACON)

Local:
CVE-2016-7237  Microsoft Windows LSASS Memory Corruption DoS (MS16-137)
CVE-2016-7225  Microsoft Windows ZwDeleteFile Arbitrary File Deletion Privilege Escalation (MS16-138)
CVE-2016-5195  Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation
CVE-2016-1793  Mac OS X Kernel Null Pointer Dereference Vulnerability
CVE-2016-3220  Microsoft Windows Kernel - 'ATMFD.dll' NamedEscape 0x250C Pool Corruption
CVE-2016-3216  Microsoft Windows 'gdi32.dll' Heap Based Memory Disclosure (MS16-074)
#4 Lateral Movement
#4 High Lateral Movement
CVE  Vulnerability
CVE-2016-3643  Solarwinds Virtualization Manager Local Privilege Escalation Vulnerability
CVE-2016-1464  Cisco WebEx Meetings Player for WRF Files Code Execution Vulnerability
CVE-2016-2298  Meteocontrol WEBlog Password Extractor
CVE-2016-1909  FortiOS Fortimanager_Access SSH Interactive Login Vulnerability
CVE-2016-0099  Microsoft Windows Secondary Logon Elevation of Privilege Vulnerability (MS16-032)
CVE-2016-2005  Hewlett Packard Enterprise Data Protector EXEC_BAR User Name Buffer Overflow Exploit
CVE-2016-3646  Symantec Multiple Products Decomposer Engine Multiple File Parsing Vulnerabilities (SYM16-010)
50% of exploits had lateral movement potential
#5 Exploits for EOL Systems
#6 <7% of vulnerabilities had exploits
[Chart: exploits vs CVEs per year, 2012 to 2016 (y-axis 0 to 8000); series: Exploits, CVEs]
Exploit Kits from Last Year
CVE  Vulnerability  Exploit Kit
CVE-2016-0034  Microsoft Silverlight Remote Code Execution Vulnerability (MS16-006)  Angler EK, RIG
CVE-2016-0189  Microsoft JScript and VBScript Remote Code Execution Vulnerabilities (MS16-053)  Neutrino, Sundown, RIG, Magnitude
CVE-2016-7201  Microsoft Edge Cumulative Security Update (MS16-129)  Sundown, Neutrino
CVE-2016-7202  Microsoft Edge Cumulative Security Update (MS16-129)  Sundown, Neutrino
CVE-2016-4117  Adobe Flash Player and AIR Multiple Vulnerabilities (APSA16-02) (APSB16-15)  Magnitude, Neutrino, Angler, Sundown
CVE-2016-1001  Adobe Flash Player and AIR Security Update (APSB16-08)  Angler
CVE-2016-1019  Adobe Flash Player and AIR Multiple Vulnerabilities (APSA16-01) (APSB16-10)  Nuclear Pack, Magnitude, Neutrino
#7 <1% of vulns are in exploit kits
[Chart: exploit-kit exploits vs exploits vs CVEs per year, 2012 to 2016 (y-axis 0 to 8000); series: Exploit Kit, Exploits, CVEs]
Applying Exploit Knowledge
Next Week: Create an inventory of:
§ Applications with weaponized exploits (exploits carried by exploit kits)
§ EOL applications and EOL operating systems
§ Vulnerabilities with working exploits
§ Vulnerabilities that can be compromised remotely
Next Month:
§ Upgrade EOL applications
§ Patch all vulnerabilities carried by exploit packs
Next Quarter:
§ Automatic inventory and alerting
§ Debate whether the most exploited applications, like Flash, are required for the business
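The inventory-and-prioritization step above, as an added example that is not code from the original deck. It scores each finding by the attacker-side signals the slides rank (exploit-kit membership, working exploit, remote reachability, lateral-movement potential, EOL platform) and sorts the inventory into the deck's next week / next month / next quarter timeline. The weights, the bucket rule, the Finding record and the SAMPLE_INVENTORY are all assumptions made for illustration; the flags on each sample CVE follow what the slides say about it (which exploit kits carry it, whether the slide lists it as remote or local or as a local privilege escalation, and whether it appears on the lateral-movement slide), and every sample entry is taken from a slide that lists it as an exploit.

```python
"""Rank a vulnerability inventory by the attacker-side signals the deck lists.

Added example; this is not code from the original deck. The weights and the
four action buckets are assumptions that encode the deck's ordering
(exploit kit > working exploit > remote > lateral movement > EOL platform).
SAMPLE_INVENTORY is constructed for illustration: each flag on a CVE is
taken from what the slides say about that CVE; nothing else is asserted.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str
    product: str
    remote: bool                    # exploitable over the network (not local-only)
    working_exploit: bool = False   # a public, working exploit exists
    exploit_kits: tuple = ()        # exploit kits observed carrying this exploit
    lateral_movement: bool = False  # exploit can be used to move between hosts
    eol_platform: bool = False      # affected software is end-of-life (no vendor patch)


# Assumed weights (total 100); the ordering matters more than the numbers.
WEIGHTS = {
    "exploit_kit": 40,
    "working_exploit": 25,
    "remote": 15,
    "lateral_movement": 10,
    "eol_platform": 10,
}


def score(f: Finding) -> int:
    """Additive attacker-perspective score in the range 0..100."""
    s = 0
    if f.exploit_kits:
        s += WEIGHTS["exploit_kit"]
    if f.working_exploit:
        s += WEIGHTS["working_exploit"]
    if f.remote:
        s += WEIGHTS["remote"]
    if f.lateral_movement:
        s += WEIGHTS["lateral_movement"]
    if f.eol_platform:
        s += WEIGHTS["eol_platform"]
    return s


def bucket(f: Finding) -> str:
    """Assumed mapping onto the deck's timeline.

    Exploit-kit vulnerabilities are already weaponized and go first; anything
    with a working exploit, or on an EOL platform that has to be upgraded,
    follows; remotely reachable issues without a known exploit come after
    that; everything else waits in the backlog.
    """
    if f.exploit_kits:
        return "next week"
    if f.working_exploit or f.eol_platform:
        return "next month"
    if f.remote:
        return "next quarter"
    return "backlog"


def prioritize(findings):
    """Highest score first; the CVE id breaks ties so the order is stable."""
    return sorted(findings, key=lambda f: (-score(f), f.cve))


def plan(findings):
    """Group CVE ids by bucket, each bucket already in priority order."""
    out = {"next week": [], "next month": [], "next quarter": [], "backlog": []}
    for f in prioritize(findings):
        out[bucket(f)].append(f.cve)
    return out


# Constructed sample; flags follow the slides (every entry is listed there as an exploit).
SAMPLE_INVENTORY = [
    Finding("CVE-2016-0189", "Microsoft JScript/VBScript (MS16-053)", remote=True,
            working_exploit=True, exploit_kits=("Neutrino", "Sundown", "RIG", "Magnitude")),
    Finding("CVE-2016-4117", "Adobe Flash Player and AIR (APSB16-15)", remote=True,
            working_exploit=True, exploit_kits=("Magnitude", "Neutrino", "Angler", "Sundown")),
    Finding("CVE-2016-3081", "Apache Struts DMI RCE (S2-032)", remote=True, working_exploit=True),
    Finding("CVE-2016-5195", "Linux kernel 'Dirty COW'", remote=False, working_exploit=True),
    Finding("CVE-2016-0099", "Windows Secondary Logon EoP (MS16-032)", remote=False,
            working_exploit=True, lateral_movement=True),
    Finding("CVE-2016-3643", "Solarwinds Virtualization Manager LPE", remote=False,
            working_exploit=True, lateral_movement=True),
    Finding("CVE-2016-7237", "Windows LSASS DoS (MS16-137)", remote=False, working_exploit=True),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_INVENTORY):
        print(f"{score(f):3d}  {bucket(f):12s}  {f.cve}  {f.product}")
```

Running it prints the sample inventory with the two exploit-kit CVEs on top, ahead of the remote Struts RCE and the lateral-movement-capable local privilege escalations; a real deployment would populate Finding records from the scanner and exploit-intelligence feeds instead of the constructed list, and would revisit the weights once the inventory shows which signals actually separate the backlog.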
ThankYou
Bharat Jogi Senior Manager, Vulnerability & Threat Research