Twitter becoming cyberattack haven as hackers favor outcomes over ease

The 2016 State of Vulnerability Risk Management report from security specialist NopSec also found that exploit techniques are becoming increasingly sophisticated.
By Bill Siwicki
09:01 AM

Twitter is becoming a cyber-attacker haven, hackers care less about ease and more about outcomes, and exploit techniques are becoming increasingly sophisticated, according to the “2016 State of Vulnerability Risk Management” report from NopSec, a vendor of cloud-based cybersecurity threat prediction and remediation technology.

Social media is playing a larger role in the realm of cybersecurity, the report found, and Twitter is becoming one of the top platforms for security researchers and attackers looking to disseminate proof-of-concept exploits.

Vulnerabilities associated with active malware, in fact, are tweeted nine times more than vulnerabilities with just a public exploit and 18 times more than all other vulnerabilities, NopSec found.


The report also indicated that cyber-attackers appear to care less about how easy a vulnerability is to exploit and more about the ultimate impact and outcome. Seventy-five percent of exploited vulnerabilities resulted in high data loss, while only 20 percent of vulnerabilities without a public exploit experienced complete data loss, according to the report.

Further, exploit techniques are becoming more sophisticated than ever before. Exploit kits such as Angler and Nuclear are integrating a wide range of Microsoft, Adobe Flash and Oracle Java exploits; 98 percent of the ones tracked by FireEye came from those three vendors, the report said.

For the report, NopSec partnered with FireEye Labs to evaluate the malware-based risk of vulnerabilities and their potential to be weaponized by active malware in the wild.

“Vulnerability management and mitigation can be more effective and prioritized on vulnerabilities used by malicious attackers in the wild where critical assets are exposed,” said FireEye Labs’ director Geok Meng Ong.


Twitter: @SiwickiHealthIT