HP Security Research | Cyber Risk Report 2015

Conclusion

Researchers and analysts in the HP Zero Day Initiative were busy coordinating the disclosure and remediation of over 400 high-severity vulnerabilities in 2014. This year marks the highest number of disclosures in a single year. 2013 brought quite a few Oracle Java sandbox bypasses to the program. In 2014, however, researchers shifted to browser vulnerabilities, focusing most of their efforts on Microsoft Internet Explorer.

ZDI researchers tuned their browser fuzzers to discover dozens of UAF vulnerabilities. A use-after-free vulnerability can occur when memory is allocated to an object that is used after it is deleted (or deallocated). Good programming practice dictates that any reference pointing to an object should be modified when the memory is deallocated, so that the pointer does not keep referring to the area of memory where the object once resided as though it were still available for use. (A pointer left in this abandoned condition is broadly called a "dangling pointer.") If the pointer isn't modified and tries to access that area of memory, the system can become unstable or corrupt. Attackers can exploit the dereferencing of such a pointer in a variety of ways, including execution of malicious code.

Examining 2014 submissions revealed a mix of "old" and "new" vendors at the top for most disclosures:

1. Microsoft
2. Hewlett-Packard
3. Advantech
4. SAP
5. Apple

In 2013 there were a number of SCADA vulnerabilities, but 2014 marks the first year where a SCADA vendor is among the top vendors with vulnerabilities disclosed against its products. Advantech focuses on automation controllers, industrial control products, and single board computers. SAP is on the list due to an audit ZDI analysts conducted against one of its products, which yielded a large number of findings.

Looking ahead, we will continue to see a focus on browsers and the plugins that support them. The attack surface offered by this complex software is used heavily when targeting governments and high-profile organizations.
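The practice the report describes, modifying every reference to an object at the moment its memory is deallocated, as an added C example (not code from the report or from ZDI). The reference table, the `table_*` helpers and the sample object are constructed for this illustration; the point is that clearing only the pointer handed to the release path is not enough when a second alias to the same object still exists.

```c
#include <stdlib.h>

#define MAX_REFS 4
typedef struct { int id; } object_t;

/* Hypothetical reference table (constructed for this example): every live
   pointer to an object is registered here so the release path can modify
   all of them, not only the one it was handed. */
typedef struct { object_t *ref[MAX_REFS]; } ref_table_t;

static int table_register(ref_table_t *t, object_t *obj) {
    for (int i = 0; i < MAX_REFS; i++)
        if (t->ref[i] == NULL) { t->ref[i] = obj; return i; }
    return -1;                              /* table full */
}

/* Release: clear every reference to the object, then free it exactly once,
   so no dangling pointer survives the deallocation. */
static int table_release(ref_table_t *t, object_t *obj) {
    int cleared = 0;
    if (obj == NULL) return 0;
    for (int i = 0; i < MAX_REFS; i++)
        if (t->ref[i] == obj) { t->ref[i] = NULL; cleared++; }
    free(obj);
    return cleared;
}

/* Guarded read: a cleared slot yields a sentinel instead of touching freed memory. */
static int table_read_id(const ref_table_t *t, int slot) {
    if (slot < 0 || slot >= MAX_REFS || t->ref[slot] == NULL) return -1;
    return t->ref[slot]->id;
}

/* The lifecycle the report describes: one object, two aliases; one code path
   releases it, and a later one still holding its own alias tries to use it. */
static int demo_lifecycle(void) {
    ref_table_t t = {{NULL}};
    object_t *obj = malloc(sizeof *obj);
    if (obj == NULL) return -2;
    obj->id = 7;
    int a = table_register(&t, obj);        /* slot 0 */
    int b = table_register(&t, obj);        /* slot 1, same object */
    int before  = table_read_id(&t, b);     /* 7 */
    int cleared = table_release(&t, obj);   /* both slots cleared, freed once */
    int after   = table_read_id(&t, b);     /* -1: dangling access prevented */
    return (a == 0 && b == 1 && before == 7 && cleared == 2 && after == -1) ? 0 : 1;
}
```

Call `demo_lifecycle()` from a `main()`; it returns 0 only when both aliases were cleared by the single release and the later read through the second alias was refused.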
