The Threat of Software Vulnerabilities

Tuesday September 5, 2017

In May 2017, WannaCry caused mayhem, infecting more than 300,000 computers and producing heavy losses. “The estimated damage caused by WannaCry in just the initial 4 days would exceed a billion dollars, looking at the massive downtime caused for large organizations worldwide”, says Stu Sjouwerman, founder and CEO at KnowBe4, a company that specializes in training employees on how to detect and respond to ransomware attacks. Cybersecurity Ventures predicts global ransomware damage costs will exceed $5 billion in 2017, up from $325 million in 2015.

Ransomware is malware (malicious software) that infects computers and restricts access to their files, often threatening permanent data destruction unless a ransom is paid[1]. Ransomware infiltrates computer systems using one or a combination of methods. The WannaCry ransomware, in particular, exploited a software vulnerability to ravage over 10,000 organizations in 150 countries[2].

Flaws or weaknesses in software or code are known as software vulnerabilities and contribute to security concerns. They fall into different classifications, and some are more critical than others. A zero-day vulnerability, for instance, is a software vulnerability that is not publicly reported or announced before being exploited, leaving the software’s author with zero days in which to create patches or advise workarounds to mitigate its effects[3].

Identifying zero-day vulnerabilities has become a multi-million dollar business for cybercriminals. Exploiting these weaknesses tends to lead to breaches of sensitive proprietary data, which may be targeted and then sold on black markets, used for blackmail, or permanently destroyed. Please review our site to see other articles by WCG related to Cyber Espionage. Other types of software vulnerabilities also give cyber-attackers weaknesses to exploit. These include backdoors, buffer overflows, and input validation flaws, along with many others. They can also lead to the compromise of computer programs, sensitive data, additional computers, mobile devices and networks.

Wilson Consulting Group believes it is important to identify, assess, and address software vulnerabilities to help mitigate data breaches. We offer an Application Security Assessment service to help organizations secure their applications and remediate deficiencies that can compromise functionality and sensitive data and prevent regulatory compliance.

Our Application Security Assessment service:

  • Assesses off-the-shelf and custom applications,
  • Determines threats and vulnerabilities,
  • Evaluates application behavior,
  • Identifies information leakage and data breach risks, and
  • Provides clear and concise reports on any threats.

Please contact us here for more information on how to assess the security of your applications.

Your Security … Our Priority

[1] http://cybersecurityventures.com/ransomware-damage-report-2017-5-billion/

[2] https://www.helpnetsecurity.com/2017/05/18/wannacry-smb-risk/

[3] http://www.eset.co.uk/Press-Centre/Blog/Article/flash-zero-day