Malware exploitable vulnerabilities – Addressing the root cause

Jul 24, 2017
Michael Roytman
Chief Data Scientist


Today, we’re excited to announce our partnership with ReversingLabs – a leader in the world of malware research and analysis. Using metadata about malware samples submitted to ReversingLabs, and focusing on the subset of malware for which we know the exploit that was used, we can start to treat the root cause of the problem. This is done by notifying every Kenna Security user about all vulnerabilities that are exploited by malware, now available as a new Facet in our dashboard – as well as by measuring the volume and velocity of exploitation by this malware and incorporating that into our risk scores.

Why is this important? I’ll let the exploit data do the talking

Of the 8 trillion successful exploitations over the past 4 years, 46,266,667 are attributed to 28,540 different malware samples which ReversingLabs has analyzed. Keep in mind that these are only the ones we know about; there are other effective variants of the same malware families that are generating incidents. In the endpoint protection and incident response worlds, this is a great deal of work – not only does one have to keep track of all the hashes, update signatures and rulesets on devices, and conduct follow-up investigations – but even if you treat the pain of those 28,540 malware variants and feel the associated comfort, the root cause is still there. Put differently, let’s start treating the cause:

Number of malware samples by vulnerability.

The chart above shows the breakdown of those 28,540 malware samples by the vulnerability that the malware uses in order to propagate. The color, ranging from green to blue, shows the vulnerabilities which have resulted in the greatest number of successful exploitations over the past 4 years.

A few insights become immediately apparent

First, 299 CVEs are responsible for 44 million attacks. In the incident response paradigm, you can deal with 44 million attacks by monitoring and remediating around 30,000 malware samples, and watch as those samples mutate and generate new strains. Or, you can remediate 299 CVEs, and never worry about those strains again. Kenna Security’s new partnership with ReversingLabs will let you easily identify those vulnerabilities in your environment, and if they’re high-risk vulnerabilities, we’ll supply you with the MD5, SHA1 and SHA256 hashes to clean up the current infections. Root cause, addressed.

Second, and more interestingly, if those 299 CVEs are looked at through the lens of the risk meter – that is, through the lens of volume and velocity of successful exploitation, one can easily see that only a handful of them are responsible for over 90% of the successful exploitations (remediate blue above first, then move on to the rest). This kind of granular prioritization is what can make managing millions of incidents and tens of thousands of strains of malware less painful.
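The trade-off the two paragraphs above describe (tracking tens of thousands of sample hashes versus fixing the handful of CVEs behind most successful exploitations) can be made concrete with a small aggregation. The following is an added example written for this page; it is not Kenna Security’s or ReversingLabs’ code. It assumes each malware record carries a hash, the CVE the sample exploits to propagate, and a count of observed successful exploitations; the CVE labels, sample hashes and counts below are all constructed placeholders, not real identifiers or data.

```python
"""Root-cause prioritisation of malware-exploited vulnerabilities.

Added example (not Kenna Security or ReversingLabs code). Given malware
sample metadata, group samples by the CVE they exploit, rank CVEs by
exploitation volume, and return the smallest ranked prefix of CVEs whose
remediation covers a target share of successful exploitations, plus the
sample hashes an IR team would use to clean up existing infections.
"""
from dataclasses import dataclass, field
import hashlib


@dataclass(frozen=True)
class MalwareSample:
    sha256: str         # sample hash as reported by the malware feed
    cve: str            # vulnerability the sample exploits to propagate
    exploitations: int  # observed successful exploitations for this sample


def constructed_sha256(label: str) -> str:
    """Hash of a label string, used only to give constructed samples a
    realistic-looking 64-hex-character identifier (not a real IoC)."""
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed dataset: placeholder CVE labels and made-up counts.
SAMPLES = [
    MalwareSample(constructed_sha256("s01"), "CVE-EXAMPLE-A", 5_000_000),
    MalwareSample(constructed_sha256("s02"), "CVE-EXAMPLE-A", 3_000_000),
    MalwareSample(constructed_sha256("s03"), "CVE-EXAMPLE-A", 1_500_000),
    MalwareSample(constructed_sha256("s04"), "CVE-EXAMPLE-B", 4_000_000),
    MalwareSample(constructed_sha256("s05"), "CVE-EXAMPLE-B", 2_200_000),
    MalwareSample(constructed_sha256("s06"), "CVE-EXAMPLE-C", 600_000),
    MalwareSample(constructed_sha256("s07"), "CVE-EXAMPLE-C", 300_000),
    MalwareSample(constructed_sha256("s08"), "CVE-EXAMPLE-D", 250_000),
    MalwareSample(constructed_sha256("s09"), "CVE-EXAMPLE-D", 100_000),
    MalwareSample(constructed_sha256("s10"), "CVE-EXAMPLE-E", 50_000),
]


@dataclass
class CveStats:
    cve: str
    exploitations: int = 0                    # summed over all samples
    samples: list = field(default_factory=list)  # hashes for cleanup


def aggregate_by_cve(samples):
    """Group samples by CVE and rank CVEs by total exploitation volume
    (ties broken by CVE label so the order is deterministic)."""
    stats = {}
    for s in samples:
        st = stats.setdefault(s.cve, CveStats(s.cve))
        st.exploitations += s.exploitations
        st.samples.append(s.sha256)
    return sorted(stats.values(), key=lambda c: (-c.exploitations, c.cve))


def remediation_plan(samples, coverage=0.90):
    """Return (ranked CVEs to fix first, share of exploitations covered).

    Walks the ranked list and stops as soon as the cumulative share of
    successful exploitations reaches `coverage`; the remaining CVEs are
    the "rest" to move on to afterwards.
    """
    ranked = aggregate_by_cve(samples)
    total = sum(c.exploitations for c in ranked)
    if total == 0:
        return [], 0.0
    plan, covered = [], 0
    for c in ranked:
        if covered / total >= coverage:
            break
        plan.append(c)
        covered += c.exploitations
    return plan, covered / total


def workload_summary(samples, coverage=0.90):
    """Compare the two paradigms: hashes to track vs CVEs to patch."""
    plan, share = remediation_plan(samples, coverage)
    return {
        "samples_to_track": len(samples),
        "cves_total": len(aggregate_by_cve(samples)),
        "cves_in_plan": len(plan),
        "coverage": share,
    }


if __name__ == "__main__":
    plan, share = remediation_plan(SAMPLES)
    print(f"Fix first ({share:.1%} of successful exploitations covered):")
    for c in plan:
        print(f"  {c.cve}: {c.exploitations:,} exploitations, "
              f"{len(c.samples)} sample hashes for cleanup")
    print(workload_summary(SAMPLES))
```

Ranking is by volume only; the velocity dimension mentioned above would add a time-windowed count per sample (for example, exploitations in the last 30 days) and either weight or re-sort the ranking by it, using the same aggregation.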

Learn more about our Malware Exploitable feature, or request a demo today.

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.