Long Tail of Security Vulnerabilities and Nation State APT Actors.

Title: Long Tail of Security Vulnerabilities and Nation State APT Actors.
Publication Type: Book Chapter
Year of Publication: 2023
Authors: Wilusz, D., D. Sadowczyk, A. Wójtowicz, and L. Tasiemski
Editor: Wójtowicz, A., D. Wilusz, O. Kryvoruchko, and V. Tokar
Secondary Title: Challenges and Reality of the IT-space: Software Engineering and Cybersecurity. International Conference SECS-2022, October 25-26th, 2022, Proceedings Book
Pagination: 3-15
Publisher: Institute of Bioorganic Chemistry, Polish Academy of Sciences, Scientific Publishers OWN
City: Poznań
ISBN Number: 978-83-7712-049-1
Ministerial points: 20
Keywords: advanced persistent threat, Cybersecurity, security patch, software vulnerabilities, unpatched vulnerability, vulnerability long tail
Abstract

Recently, numerous Advanced Persistent Threat groups originating from various countries have been identified, carrying out a wide range of attacks from spear phishing to exploits focused on various entities both commercial and governmental and even military. Many of them exploit zero-day unknown vulnerabilities for which no patch is available; however, there are also many cases in which the patch is publicly known and perfectly accessible to the software administrator, but still it is not applied to vulnerable software. This phenomenon is analyzed in the presented work. The list of most commonly exploited vulnerabilities has been cross-referenced with commonly available reports of APT actors’ activity, and checked against the raw data from a massively used vulnerability management solution. The authors postulate that APT groups successfully exploit the “long tail” of security vulnerabilities that remain unpatched for months and even years, despite the availability of a fix.

Attachment: SECS_2022_Long_tail_manuscript.pdf
Size: 802.95 KB