Overlooked Old Vulnerabilities Lead to Major Data Breaches, Says TrustWave
Oct 30, 2010
Cybersecurity / Data Protection
A recent report suggests that focusing too much on new security threats might make companies overlook older, more commonly exploited vulnerabilities. The report by TrustWave is based on data from over 1,900 penetration tests and more than 200 data breach investigations for clients like American Express, MasterCard, Discover, Visa, and several large retailers. The analysis shows that major global companies are hiring "vulnerability chasers" who look for the latest vulnerabilities and zero-day threats while ignoring the most common ones. As a result, companies are being compromised by old, well-known vulnerabilities rather than new attack methods. For example, the top three ways hackers accessed corporate networks in 2009 were through remote access applications, trusted internal network connections, and SQL injection attacks. These attack methods have been well-known for years. SQL injection vulnerabilities, for instance, have been known for at least 10 years but are still c