APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

Most advanced persistent threat groups (APTs) use known vulnerabilities in their attacks against organizations, suggesting the need to prioritize faster patching rather than chasing zero-day flaws as a more effective security strategy, new research has found. Security researchers at the University of Trento in Italy did an assessment of how organizations can best defend themselves against APTs in a recent report published online. What they found goes against some common security beliefs many security professionals and organizations have, they said. The team manually curated a dataset of APT attacks that covers 86 APTs and 350 campaigns that occurred between 2008 to 2020. Researchers studied attack vectors, exploited vulnerabilities–e.g., zero-days vs public vulnerabilities–and affected software and versions. One belief the research debunked is that all APTs are highly sophisticated and prefer attacking zero-day flaws rather than ones that have already been patched. “Contrary to common belief, most APT campaigns employed publicly known vulnerabilities,” they wrote in the report. Indeed, of the 86 APTs that researchers investigated, only eight–Stealth Falcon, APT17, Equation, Dragonfly, Elderwood, FIN8, DarkHydrus and Rancor—exploited vulnerabilities that others didn’t, researchers found. This demonstrates that not all the APTs are as sophisticated as many think, as the groups “often reuse tools, malware, and vulnerabilities,” they wrote in the report. Faster Updates Reduce…