November 2024

Cyber Threats Barometer

Every month, cyber threats as seen by Gatewatcher’s CTI analysts
Le Lab Gatewatcher
130 575
Identified Indicators of Compromise (IOCs)
82 058
Identified compromise reports (sum of IoCs)

Highlight of the month


The end of the year is a good time to take a step back and learn from the events of the past year. As it does every year, the non-profit organization Mitre has published its top 25 most common CWEs for the period June 2023 to June 2024.

For this 2024 version, based on the observation that many associations were too high-level and therefore imprecise, Mitre made a special effort to map vulnerabilities to their underlying software weakness.
The CNAs (CVE Numbering Authorities) were asked to take part in the process in order to reassociate around 30% of the vulnerabilities considered with more precise software weaknesses. In addition to this fundamental work, the mappings were simplified to conform to the 1003 view often used to associate CVEs with CWEs. Finally, the score calculation has been revised to make it more representative.

These changes have had a strong impact on the ranking. Only 3 weaknesses have retained their ranking, among them CWE-89 (Improper Neutralization of Special Elements used in an SQL Command, more commonly known as SQL Injection), which unfortunately remains in third place. CWE-94 (Improper Control of Generation of Code, better known as Code Injection), which is often associated with content management software such as WordPress (especially its plug-ins) or Prestashop, rose sharply (+12 places).
Finally, CWE-400 (Uncontrolled Resource Consumption) and CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) moved up to 24th and 17th place respectively, at the expense of CWE-362 (Race condition) and CWE-276 (Incorrect default permission).

The top trio has changed little since last year, with the first and second places simply reversed: it is led by CWE-79 (Improper Neutralization of Input During Web Page Generation, or ‘Cross-site Scripting’), followed by CWE-787 (Out-of-bounds Write) and CWE-89 (SQL Injection).

More than a purely statistical ranking, this top 25 is a valuable resource for security researchers and developers alike. It lets them focus on the most common weaknesses, which improves the code produced on the one hand and, on the other, strengthens infrastructure defense by linking software weaknesses to the repository of vulnerabilities actively exploited by attackers (KEV). However, the relative stability of the top three suggests that some bad practices are still a long way from being eliminated.

[Chart: Top Common Vulnerabilities & Exposures (%)]

[Chart: Top Targeted Business Sectors (%)]

Definition of the month

Closely related to CVEs, CWEs can be used to categorize software weaknesses. A weakness is defined as a condition in software or hardware which, under certain circumstances, can lead to a vulnerability. The list and definitions of these weaknesses are the work of a community of participants from government, business and academia. In order to remain faithful to reality, the list of weaknesses is updated 3 to 4 times a year.

The primary use of this list is to enable risks to be prioritized during the software development life cycle (SDLC), so that they can be corrected as early as possible, thereby limiting both financial and development costs.

[Chart: Top Malware Families (%)]

[Chart: Top Threat Categories (%)]

About the Cyber Threat Barometer

Malware, critical vulnerabilities, advanced persistent threats, industries particularly targeted, weak signals of emerging attacks… It’s no secret that knowledge of one’s adversary is a key factor for the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected by Gatewatcher CTI, our Cyber Threat Intelligence platform.

Gatewatcher CTI’s automated collection, analysis and correlation engines are continuously fed by more than 4000 data sources from multiple channels: social networks, specialized sites, dark and deep web. They make threat information available an average of 24 hours in advance of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident treatment times.
