44% of 2015 Hacks Exploited Vulnerabilities Over Five Years Old.


Incredibly, five of the top ten network intrusions in 2015 used vulnerabilities that are over five years old. And all of the top ten hacks exploited vulnerabilities that are over a year old.

Top of the list are variants of Stuxnet, the infamous worm-based vulnerability that caused Iran’s high-speed centrifuges to self-destruct (leading many to speculate that Stuxnet was created by one or more governments with an interest in undermining that country’s nuclear capability).

Stuxnet-based intrusions accounted for 29% of intrusions by volume, according to a report by HP (link below). And that’s even though two major patches have been issued for Stuxnet since it first appeared in 2010.

Next up in HP’s list are Adobe Reader and Acrobat vulnerabilities, which account for 11% of intrusions. Covering the HP study on their website, Tripwire (link below) quoted their own security analyst Kevin Westin: “One challenge for many organizations is to identify and take inventory of what systems are on their network and what applications and specific versions they are running—a lot of times, organizations don’t even know what systems require patching to begin with”.


Business Class network audit checks 50k+ vulnerabilities for 499 Euros.

Sergio Loureiro – founder of SecludIT – says the fact that such a high proportion of hacks are exploiting old vulnerabilities proves that companies are not doing enough to protect their assets. “The problem for SMEs,” Sergio says, “is that they think consumer-class anti-virus software is going to protect their PCs, which they perceive as being the vulnerable periphery of the network. But in fact the corporate risk is in infected servers, which is why we have developed the S-Diag corporate security software tool.”

“For just 499 Euros, S-Diag provides a deep network vulnerability audit. The audit comes with one-to-one support and gives detailed c-suite and technical reports within a couple of hours. Suddenly, SMEs are only a few hours away from knowing the truth about their network liabilities.”


S-Diag includes:

– A deep scan of IT resources for over 50,000 vulnerabilities.
– An “easy to understand” management report for the C-Suite.
– Remediation advice for the IT team.
– A one-to-one phone appraisal of your report with a SecludIT expert.


There are three different S-Diag audits to choose from:

– Enterprise server.
– Internet & web server.
– E-commerce server.

Loureiro emphasises that S-Diag has no effect on network performance, and that specialist security experts at SecludIT will help SMEs through the entire process. “Now even small businesses can afford a world-class security analysis of their network thanks to S-Diag. Our analysis and report enables companies to see exactly what problems they have now, resolve those problems, and create a security strategy for the future.”


Read more on www.darkreading.com
