To keep track of all software product vulnerabilities, the National Institute of Standards and Technology maintains a ‘National Vulnerability Database’ (NVD), where all information about open vulnerabilities is recorded. Recently, Skybox Security released a midyear update to its 2020 Vulnerability and Threat Trends Report, which provides some interesting insights about the vulnerabilities.
A major increase in the number of vulnerabilities
The report contained some concerning findings for organizations as they struggle to manage and mitigate cyber-risk at a time of mass remote working.
- Skybox Security predicts that 2020 will end with 20,000 reported vulnerabilities, as compared to 17,306 in 2019. Till mid-2020, 9000 vulnerabilities have been reported.
- The report stated that vulnerabilities on the smartphone OSs increased by 50 percent, in which Android flaws have a major contribution. A 50% year-on-year increase in Android OS flaws can be blamed for some part of this increase.
- The development of new ransomware and malware samples has drastically increased during the COVID–19, leading to a boom in the identification of new vulnerability exploits.
- Moreover, there has been a significant increase in exploits taking advantage of the Remote Desktop Protocol (RDP).
Massive batches of patches
Several vendors have been releasing massive batches of patches, and organizations are often observed struggling to cope with these frequent patches.
- In July 2020, Microsoft released its July 2020 Patch Tuesday update to address a total of 123 security vulnerabilities across 13 products.
- In April 2020, Oracle released a Critical Patch Update including 405 patches for its 13 key Oracle products such as Oracle Financial Services Applications, Oracle MySQL, etc.
- In the same month, Google addressed over 50 vulnerabilities in the Android operating system, including four critical issues in the System component, in its April 2020 Patch update.
Vulnerabilities across extended networks
A drastic increase in vulnerability count and frequency of patches can easily turn into an overwhelming pressure on security teams. Organizations are advised to ensure security for all connected devices across the expanded network coverage due to the work-from-home situation, and avoid forthcoming mishaps.