"APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack 0-Days"

A study by researchers at the University of Trento in Italy calls on organizations to prioritize patching existing vulnerabilities to mitigate the risk of compromise. The researchers found that most Advanced Persistent Threat (APT) groups exploit known vulnerabilities in their operations against businesses, implying that faster patching is a more successful security strategy than chasing zero-day weaknesses. They assessed how enterprises could best defend themselves against APTs, and their findings conflict with several traditional views held by many security experts and companies.

The team manually compiled a dataset of APT attacks from 2008 to 2020 that included 86 APTs and 350 campaigns, then examined attack vectors, affected software, exploited vulnerabilities (both zero-days and publicly known flaws), and more. One common belief refuted by the study is that all APTs are sophisticated and prefer zero-day vulnerabilities over those that have already been patched. According to the research, most APT efforts used publicly known vulnerabilities. Only eight of the 86 APTs studied (Stealth Falcon, APT17, Equation, Dragonfly, Elderwood, FIN8, DarkHydrus, and Rancor) exploited vulnerabilities that no other group did. This suggests that not all APTs are as sophisticated as many people believe, because the groups often reuse tools, malware, and vulnerabilities. The article goes on to discuss the use of known vulnerabilities by APTs, the need to increase the speed at which organizations fix flaws, and the update-strategy challenges organizations face.

Threatpost reports "APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack 0-Days"
