Cyber Security
New Research Exposing The Exploited Unveils Challenges Of The Known Exploited Vulnerability Catalog
By Business Wire
Share
Forescout researchers find 90,000 unknown vulnerabilities and other risk blind spots in standard vulnerability guidance
SAN FRANCISCO--(BUSINESS WIRE)--#Cybersecurity--RSA Conference 2024 — Forescout Technologies Inc., a global cybersecurity leader, today unveiled new research, Exposing the Exploited, an analysis uncovering a host of exploited vulnerabilities not captured by the CISA KEV catalog, the most popular source of information on vulnerabilities known to be actively exploited by threat actors. Exposing the Exploited details how an over-reliance on legacy information databases and standard guidance drastically underrepresents the global threat landscape. The study was conducted by Forescout Research – Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in and threats to critical infrastructure.
“Vulnerabilities are being found, weaponized, and exploited in the wild faster than ever before, with 97 0-days exploited in 2023 and already 27 this year,” said Elisa Costante, VP of Research, Forescout Research – Vedere Labs. “Current methodologies for cataloging issues such as MITRE’s Common Vulnerabilities and Exposures (CVE) system and NIST’s National Vulnerability Database (NVD) are critical tools but have significant limitations. This research shows that even FIRST’s Common Vulnerability Scoring System (CVSS), the Exploit Prediction Scoring System (EPSS) and CISA's Known Exploited Vulnerabilities (KEV) should not be used exclusively.”
Read the blog: Exposing the Exploited: Analyzing vulnerabilities that live in the wild
Forescout researchers found a significant increase in unrecognized exploited vulnerabilities in the wild with no CVE identifiers and CVSS scores. The top findings include:
- Vulnerabilities without a CVE are growing. Forescout recently found 90,000 vulnerabilities without a CVE ID and this number is increasing every year. 44% of the vulnerabilities without a CVE ID can be used to gain access to a system and 37% have either high or critical severity.
- No database captured everything. 2,087 distinct exploited vulnerabilities were identified across four databases, but no database alone contained all the information. CISA-KEV had 1,055 (50%) of the total exploited vulnerabilities. 968 exploited vulnerabilities (47%) are seen in only one database and only 90 (4%) are seen in all four.
- Customer networks showed thousands of affected devices. The devices were affected by 28 vulnerabilities in our catalog (VL-KEV) and were not tracked by the CISA KEV list. Most of these devices were uninterruptible power supplies (UPSs), computers, printers, infusion pumps, and network equipment.
- Most exploited vulnerabilities had either high (44%) or critical (39%) severity. The most common root causes of exploited vulnerabilities were OS command injections, path traversals, improper input validation and out-of-bounds write.
- The most common targets were web applications, operating systems and routers. OT and IoT devices were the fifth most common target. The most exploited OT and IoT devices were Network Attached Storage (NAS), IP cameras, building automation devices, and VoIP equipment.
The rapid increase in vulnerabilities being discovered and exploited by malicious actors underscores the need for a new approach to prioritization. While the CISA KEV list is a valuable resource and the most recognized catalog for exploited vulnerabilities, it does have certain limitations. Our analysis reveals that the CISA KEV catalog is not exhaustive — we have observed exploited vulnerabilities in the wild that are absent from this catalog. Additionally, crucial details on how these vulnerabilities are exploited, such as modus operandi, tactics, techniques, and procedures (TTPs), and associated indicators of compromise (IoCs), are often missing. Therefore, organizations should rely on multiple sources to enhance their preparedness.
Forescout released Exposing the Exploited from RSA Conference 2024 where its researchers can discuss these findings in the North Hall 5353, May 6-9.
How Forescout Research Works
Forescout Research employs its Adversary Engagement Environment (AEE) to conduct analysis, leveraging a blend of real and simulated connected devices. This dynamic environment functions as a robust tool, enabling the pinpointing of incidents and the identification of intricate threat actor patterns at a granular level. The overarching objective is to elevate responses to complex critical infrastructure attacks by leveraging the detailed insights and understanding derived from this specialized deception environment. The AEE is maintained by Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in and threats to critical infrastructure. Forescout products directly leverage this research, which is also shared openly with vendors, agencies, and other researchers.
About Forescout
The Forescout cybersecurity platform provides complete asset intelligence and control across IT, OT, and IoT environments. For more than 20 years, Fortune 100 organizations, government agencies, and large enterprises have trusted Forescout as their foundation to manage cyber risk, ensure compliance, and mitigate threats. With seamless context sharing and workflow orchestration across more than 100 full-featured security and IT product integrations, Forescout makes every cybersecurity investment more effective.
Forescout Research – Vedere Labs is the industry leader in device intelligence, curating unique and proprietary threat intelligence that powers Forescout’s platform.
Contacts
Media Contact:
James Kenny
RH Strategic for Forescout
forescoutpr@rhstrategic.com
Carmen Harris
carmen.harris@forescout.com
First published on Tue, May 7, 2024
Liked what you read? That’s only the tip of the tech iceberg!
Explore our vast collection of tech articles including introductory guides, product reviews, trends and more, stay up to date with the latest news, relish thought-provoking interviews and the hottest AI blogs, and tickle your funny bone with hilarious tech memes!
Plus, get access to branded insights from industry-leading global brands through informative white papers, engaging case studies, in-depth reports, enlightening videos and exciting events and webinars.
Dive into TechDogs' treasure trove today and Know Your World of technology like never before!
Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. All information / content found on TechDogs' site may not necessarily be reviewed by individuals with the expertise to validate its completeness, accuracy and reliability.
Tags:
Related News on Cyber Security
Trellix Launches Xtend Global Channel Partner Program
Wed, Feb 8, 2023
By Business Wire
Kaspersky Exits US, Forcibly Switches Users To UltraAV
Wed, Sep 25, 2024
By TD NewsDesk
ExtraHop Presents Ratiodata With Gold Partner Status
Wed, May 10, 2023
By Business Wire
Seraphic Security Named As A 2023 SC Awards Finalist
Tue, May 23, 2023
By Business Wire
Related Events & Webinars on Cyber Security
Trending Business Wire
Netapp Announces Integrated Solution With AWS Outposts For Hybrid Cloud Deployments
By Business Wire
Orange Business Launches "Live Intelligence": A Range Of Plug-And-Play Genai Solutions For Businesses
By Business Wire
Spectro Cloud Launches Edge In A Box Solution With Hewlett Packard Enterprise To Streamline Enterprise Kubernetes Adoption
By Business Wire
Veridas Launches Identity Fraud Solutions On Google Cloud Marketplace
By Business Wire
Viz.Ai Collaborates With Microsoft To Advance AI-Powered Clinical Workflows And Better Patient Care
By Business Wire
Join Our Newsletter
Get weekly news, engaging articles, and career tips-all free!
By subscribing to our newsletter, you're cool with our terms and conditions and agree to our Privacy Policy.
Join The Discussion