This year¡¯s security fails findings in highest number¡¦GOOGLE ¡®No.1¡¯
Lee Gyung Tak | kt87@ | 2017-12-29 11:31:01
Targeted attacks targeting software (SW) vulnerabilities are expected to increase in 2018, requiring the attention of related organizations and companies.
According to CVE Detail on December 27, the number of "Open Security Vulnerabilities (CVEs)" discovered in 2017 was 1,455, which exceeded 10,000 for the first time since its first survey in 1999. This is more than double the figure of 6447 last year, and it can be seen that the hackers` prey and attack route have been diversified so much.
If we take a look by company, Google (1,000), Oracle (871), Microsoft (Microsoft, 683), IBM (652), Apple (557) and Cisco (490) are in high result. Security industry analysis shows that many companies have a large number of service and product groups and a large number of users.
By product, services such as Android (841), Linux kernel (434), IOS (365), Image Magic (346), Mac OSX (278), Windows 10 (265), Windows Server 2016 ), 2008 (241), 2012 (233), and Windows 7 (227).
There is also an interpretation by security experts that it is not negative that many CVEs are found.
Kim Do-Won, Korea Internet Development Agency`s (KISA) Vulnerability Analysis Team Leader, said, "The security of companies and products has been lowered, but the number of new services such as IoT has increased, It seems to have affected."
The problem is how companies cope. OPSWAT, a malware detection specialist in October, cited open CVEs as one of the six threats to global cyber-security.
Hackers have produced related malicious code within an average of 15 days after the vulnerability is known, but many managers are ignoring the vulnerability warning.
According to the Global Threat Prospect Report released by Fortinet in April, eight of the world`s 10 enterprises have been attacked by more than a decade of exploiting vulnerabilities. The fact that there are many attacks against known old vulnerabilities means that companies are negligent in security measures.
In fact, the security vulnerability of Windows OS used in "Warner Crime" in North Korea, which put the whole world into fear of Ransomware in May, was also known beforehand, and Microsoft distributed urgent patch files, but it was useless.
A security industry expert said, "SW companies should not try to hide their vulnerabilities when they find them, but also have a stance to thoroughly explain and notify related issues."
By Lee Gyung Tak kt87@