The most crippling and devastating breach of the decade was the cyberattack on SolarWinds Orion, a network monitoring tool. Infected servers currently exist, and attacks still take place due to companies being unaware of dormant attack vectors set up before patch. However, with that said, here is our pick of the 10 most (in no particular order) prominent and notable network security issues and breaches that won’t be forgotten.
It was also not feasible to call out and list all vulnerabilities that threatened the IT world in the past decade. With over 100,000 tracked vulnerabilities on NVD from 2011 to 2021 and a wide range of vendors/products involved, choosing 10 of the most egregious network security flaws was not easy. Our pick of top 10 network vulnerabilities that defined the decade Reviewing CWE over time (Figure 3), CWE-79, aka ‘XSS,’ seemed to be the flaw that was high on the list every year. Ports 80 and 443 lead the list of commonly open ports, so it is no surprise that web application exploits dominated the decade. However, it is significant to note that web application exploits have dominated the decade as seen in the chart below (See Figure 2).įigure 2: Exploits by Type over the decade ( Source: Exploit-DB)
Orion solarwinds network performance monitor software#
The surge in 2017 may have come from a more extensive collection of software products being catalogued in NVD. The chart above shows a steady increase in the number of vulnerabilities reported to NVD from 2011 through 2016, followed by an exponential increase in 2017 and then a continued increase every year thereafter. The most obvious trend, based on sources like the National Vulnerability Database (NVD), Exploit-DB, VulnIQ, and Trustwave’s own security data, is that security incidents and individual vulnerabilities have been increasing in number and becoming more sophisticated.įigure 1: Vulnerability Severity Distribution over time ( Source: NVD) Nevertheless, the data that is available provides enough information to spot some significant trends. It is difficult to tell the complete story about the network security landscape from the past decade because security tools and event loggers have evolved so much recently that many of the metrics that we take for granted today simply did not exist 10 years back. Tremendous Growth in Reported Vulnerabilities Over the Past Few Years With that in mind the Trustwave team believed this was a suitable time to take a minute and review some of the watershed moments that had a major impact on cybersecurity between 20. So, if one does not know what has recently taken place it leaves you vulnerable to another attack. Threat actors reuse well-known and previously patched vulnerabilities and attempt to take advantage of organizations making the same error over and over. ” This statement is particularly true when it comes to cybersecurity. The Spanish philosopher George Santayana is credited with the aphorism “Those who cannot learn from history are doomed to repeat it. Decade Retrospective: The State of Vulnerabilities
0 kommentar(er)
