Keysight Technologies announced last week that Ixia, a Keysight Business, has released its third annual Security Report. The 2019 report analyses the biggest security findings over the past year from Ixia’s Application and Threat Intelligence (ATI) Research Center.

This year’s report puts the risks originating from historic unpatched vulnerabilities as well as from growing network and application complexity under the spotlight.

The report draws on Ixia’s in-depth experience in network security testing, and the company’s focus on network and cloud visibility. A globally distributed team of dedicated cybersecurity professionals staffs the Ixia ATI Research Center and continually monitors and analyses the ever-evolving indicators which could threaten the security of enterprise IT networks.

Inputs to the research process come from multiple sources, including Ixia honeypots which actively look for threats in the wild, independent research by the team that conducts tests and reverse engineers exploits to determine how they work, international exploit databases, the Dark Web, partner feeds, scans of security news alerts, social media and crowdsourcing.

Key findings from the 2019 Security Report

Software security flaws caused the majority of product vulnerabilities

More new devices joined networks than ever before, and so did more devices designed and deployed without proper measures to stop or even limit threats. Well-understood SQL injections and cross-site scripting vulnerabilities were used by bad actors to target web applications.

Code sharing posed its own risk: a study found that answers on the popular coding site Stack Overflow contained their own security vulnerabilities. Zero-day exploits gave hackers an advantage over IT security teams, who struggled to stay ahead of constant vulnerability disclosures. Some open source organizations attempted to proactively mitigate vulnerabilities by standardizing security controls and measures inside commonly used web development frameworks. However, code fragmentation makes it difficult for these central improvements to address the widespread problem.

Humans are the weakest link

In 2018, Ixia detected 662,618 phishing pages in the wild, and 8,546,295 pages hosting or infected by malware – so a successful attack on an organization’s infrastructure requires only a single errant click on an email or link. A well-crafted and well-timed phishing attempt can encourage even tech-savvy users to click on compromised links. Successful defence depends on a combination of proactively educating users, blocking phishing attacks and malware that cross the network edge, and detecting and blocking lateral movement in a network.

Cyber hygiene is at an all-time low

IT vendors created code or configurations that led to many successful security breaches in 2018, but IT operations and security personnel also shared the blame. Well-known attacks and attack vectors remained successful because security personnel did not address vulnerabilities, either due to a lack of knowledge of the latest patches or challenges in deploying them in a timely manner.

Security vulnerability disclosures are a double-edged sword

Both hackers and security vendors benefit when vulnerabilities are announced in the open, particularly zero-day exploits. Mirai, Drupalgeddon and the D-Link DSL-2750B remote code execution vulnerability are examples where hackers were able to move faster than vendors and IT teams.

Crypto-jacking activity continues to grow

This threat reached new peaks in 2018, with hackers combining multiple classic attacks to deliver nearly autonomous malware. Ixia honeypots captured several new exploits that run an EternalBlue scan and, when successful, deposit a cryptominer on the network.

Security Watchlist for 2019

Based upon Ixia-collected data and historical activity, the Ixia ATI team predicts the following six trends for 2019:

  • Abuse of low-value endpoints will escalate
  • Brute-force attacks on public-facing systems and resources will increase
  • Cloud architectures will create complexity that increases attack surfaces
  • Phishing will continue to evolve
  • Multiphase attacks that use lateral movement and internal traffic will increase
  • Crypto mining/cryptojacking attacks will increase