Twitter proves better than the Dark Web for assessing vulnerability risk
The latest report from risk management and cyber security company Nopsec looks at the use of social media in risk analysis.
Twitter in particular seems to be becoming the go-to resource for security researchers and attackers looking to disseminate proof-of-concept exploits.
While some vulnerabilities have thousands of Twitter interactions -- counted by tweets mentioning their CVE identifier -- most vulnerabilities are never tweeted about or are tweeted only once. The most tweeted CVEs reflect interactions focused on well-publicized, dangerous vulnerabilities.
Trying to locate similar risk indicators on the Dark Web yields mixed results, partly because it only shows what is visible from the 'public' onion network without any registration or login. Ultimately this means the correlation between the indication-of-risk signal and Dark Web activity is much weaker than the correlation with Twitter activity.
"Results drawn from this research suggest a cautionary tale for approaches that combine data mining and Machine Learning toward the challenge of evaluating the risk associated to individual vulnerabilities," the report's authors conclude. "In general, models that are trained to rank vulnerabilities based on an indication-of-risk signal do provide value. In the absence of all other information, given a pair of vulnerabilities, such a model can be queried to render a decision as to which vulnerability to prioritize for remediation efforts. This research, however, illustrates that there are many different signals available in this space, and moreover, those signals move at different speeds or address different facets of coverage. Twitter activity moves at a speed that is faster than publication activity of organizations such as NVD, whose aim is to deliver risk summarized in a standardized, digestible format. Activity in Dark Web market forums serves as a signal exposing the gaps in coverage of other public data sources."
Based on scans of Nopsec's clients' systems, the report also reveals that healthcare is the industry most plagued by software vulnerabilities. Finance comes next, followed by the technology sector. The report also looks at vulnerabilities in software by vendor. Here Sun/Oracle comes top with 51 percent, followed by Adobe on 17 percent and Microsoft on 15 percent.
Because Sun/Oracle products are used more widely in the financial sector, they account for 26 percent of vulnerabilities there, followed by Adobe on 19 percent. In healthcare, by contrast, 19 percent come from OpenBSD and eight percent from Microsoft. In the tech sector it's Apache which tops the tree on 15 percent, followed by Microsoft on 11 percent.
You can find out more in the full report which is available to download from the Nopsec site.