Enterprise IT security strategies should focus on patching systems for known vulnerabilities rather than chasing a fix for every zero-day that emerges, a research study on APTs revealed.
Researchers from the University of Trento in Italy set out to assess which software update strategy best suits defending against APTs, and in particular whether every patch should be applied as soon as it becomes available.
The good news for enterprise IT management is that a careful focus on known vulnerabilities is nearly as safe as trying to get every zero-day patched as soon as possible.
The researchers assessed the impact of 86 APTs and 350 attack campaigns from 2008 to 2020 and found that the majority of campaigns try to exploit known vulnerabilities. Out of the 86 APTs they examined, only eight – known respectively as Stealth Falcon, APT17, Equation, Dragonfly, Elderwood, FIN8, DarkHydrus, and Rancor – exploited CVEs not used by any other group.
Other threat actors tend to share vulnerabilities: 17 APT groups shared four or more vulnerabilities, the researchers found, and overall 35 percent of APTs shared at least one CVE.
That focus on known vulnerabilities means one could perform only 12 percent of all possible updates, restricting oneself to versions that fix publicly known vulnerabilities, without a significant change in the odds of being compromised compared to a company that installs every version, the researchers note.
They found that enterprises following an immediate patch strategy could still be compromised from 14 percent to 33 percent of the time.