Malware exploitable vulnerabilities – Addressing the root cause

Michael Roytman    July 24, 2017

Today, we’re excited to announce our partnership with ReversingLabs – a leader in the world of malware research and analysis. Using metadata about malware samples submitted to ReversingLabs, and focusing on the subset of malware for which we know the exploit that was used, we can start to treat the root cause of the problem. This is done by notifying every Kenna Security user about all vulnerabilities that are exploited by malware, now available as a new Facet in our dashboard – as well as by measuring the volume and velocity of exploitation by that malware and incorporating it into our risk scores.

Why is this important? I’ll let the data do the talking.

Of the 8 trillion successful exploitations over the past years, 46,266,667 are attributed to 28,540 different malware samples which ReversingLabs has analyzed. Keep in mind that these are only the ones we know about; there are other effective variants of the same malware families that are generating incidents. In the endpoint protection and incident response worlds, this is a great deal of work – not only does one have to keep track of all the hashes, update signatures and rulesets on devices, and conduct follow-up investigations – but even if you treat the pain of those 28,540 malware variants and feel the comfort associated with it, the root cause is still there. Put differently, let’s start treating the cause:

The chart above shows the breakdown of those 28,540 malware samples by the vulnerability that the malware uses in order to propagate. The color, ranging from green to blue, shows the vulnerabilities which have resulted in the greatest number of successful exploitations over the past 4 years.

A few insights become immediately apparent:

First, 299 CVEs are responsible for 44 million attacks. In the incident response paradigm, you can deal with 44 million attacks by monitoring and remediating around 30,000 malware samples, and watch as those samples mutate and generate new strains. Or, you can remediate 299 CVEs, and never worry about those strains again. Kenna Security’s new partnership with ReversingLabs will let you easily identify those vulnerabilities in your environment, and if they’re high-risk vulnerabilities, we’ll supply you with the MD5, SHA1 and SHA256 hashes to clean up the current infections. Root cause, addressed.

Second, and more interestingly, if those 299 CVEs are looked at through the lens of the risk meter – that is, through the lens of volume and velocity of successful exploitation – one can easily see that only a handful of them are responsible for over 90% of the successful exploitations (remediate the blue ones above first, then move on to the rest). This kind of granular prioritization is what can make managing millions of incidents and tens of thousands of strains of malware less painful.
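The two observations above (collapse tens of thousands of samples onto the CVEs they exploit, then rank those CVEs by exploitation volume until a cumulative threshold is reached) are simple enough to show as a small aggregation. The following is an added example, not Kenna Security or ReversingLabs code, and it makes no claim about how their feed or risk meter is implemented. Every value in it is constructed: the hashes are placeholder strings, the CVE ids are placeholders of the form CVE-0000-000N, and the "recent" column is an assumed velocity signal (exploitations in the most recent window) that the post mentions but does not define.

```python
"""Root-cause prioritisation of a malware feed: samples -> CVEs -> ranked CVEs.

Added example, not vendor code. All data below is constructed; hashes and
CVE identifiers are placeholders, not real indicators.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class MalwareSample:
    sha256: str          # placeholder hash string (constructed)
    cve: str             # vulnerability the sample exploits (placeholder id)
    exploitations: int   # successful exploitations attributed to this sample
    recent: int          # of those, how many fell in the most recent window


# Constructed feed: 10 samples spread over 5 placeholder CVEs. Volume is
# deliberately skewed so that two CVEs account for 90% of all exploitations,
# while CVE-0000-0003 is small in volume but almost entirely recent.
SAMPLES = [
    MalwareSample("sha256-placeholder-a1", "CVE-0000-0001", 400_000, 40_000),
    MalwareSample("sha256-placeholder-a2", "CVE-0000-0001", 150_000, 15_000),
    MalwareSample("sha256-placeholder-a3", "CVE-0000-0001", 50_000, 5_000),
    MalwareSample("sha256-placeholder-b1", "CVE-0000-0002", 250_000, 25_000),
    MalwareSample("sha256-placeholder-b2", "CVE-0000-0002", 50_000, 5_000),
    MalwareSample("sha256-placeholder-c1", "CVE-0000-0003", 40_000, 32_000),
    MalwareSample("sha256-placeholder-c2", "CVE-0000-0003", 10_000, 8_000),
    MalwareSample("sha256-placeholder-d1", "CVE-0000-0004", 30_000, 3_000),
    MalwareSample("sha256-placeholder-e1", "CVE-0000-0005", 15_000, 1_500),
    MalwareSample("sha256-placeholder-e2", "CVE-0000-0005", 5_000, 500),
]


def volume_by_cve(samples):
    """Sum successful exploitations per CVE: the root-cause view of the feed."""
    totals = defaultdict(int)
    for s in samples:
        totals[s.cve] += s.exploitations
    return dict(totals)


def recent_by_cve(samples):
    """Sum recent-window exploitations per CVE (the assumed velocity signal)."""
    totals = defaultdict(int)
    for s in samples:
        totals[s.cve] += s.recent
    return dict(totals)


def prioritize(samples, coverage_pct=90):
    """CVEs in descending volume, cut at the shortest prefix that covers at
    least coverage_pct of all exploitations. Integer arithmetic keeps the
    threshold comparison exact (no float rounding at the boundary)."""
    volume = volume_by_cve(samples)
    total = sum(volume.values())
    ranked = sorted(volume, key=lambda c: volume[c], reverse=True)
    chosen, cumulative = [], 0
    for cve in ranked:
        chosen.append(cve)
        cumulative += volume[cve]
        if cumulative * 100 >= coverage_pct * total:
            break
    return chosen


def fastest_growing(samples):
    """CVE whose recent share of its own total is highest. A pure volume
    ranking would bury it near the bottom of the list."""
    volume, recent = volume_by_cve(samples), recent_by_cve(samples)
    return max(volume, key=lambda c: recent[c] / volume[c])


def hashes_for(samples, cve):
    """Sample hashes to hand to incident response once a CVE is judged high risk."""
    return sorted(s.sha256 for s in samples if s.cve == cve)


def summary(samples):
    """(number of samples, number of distinct CVEs, total exploitations)."""
    cves = {s.cve for s in samples}
    return len(samples), len(cves), sum(s.exploitations for s in samples)


if __name__ == "__main__":
    n_samples, n_cves, total = summary(SAMPLES)
    print(f"{n_samples} samples collapse onto {n_cves} CVEs ({total:,} exploitations)")
    print("remediate first:", prioritize(SAMPLES))
    print("fastest growing:", fastest_growing(SAMPLES))
    for cve in prioritize(SAMPLES):
        print(cve, "cleanup hashes:", hashes_for(SAMPLES, cve))
```

The useful output is the ratio between the two counts in `summary` (here 10 samples versus 5 CVEs; on the post's numbers, roughly 30,000 versus 299) and the short list `prioritize` returns, which is the "remediate blue first" set. `fastest_growing` is there to show why a velocity term matters: CVE-0000-0003 contributes only 5% of all-time volume and would never make the 90% cut, yet 80% of its exploitations are recent.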

Learn more about our exciting Malware Exploitable feature from our 2-minute demo video.

Also, if you are attending Black Hat, visit our booth #1768 to learn more about our new Malware Exploitable feature in person.
