2021 Trustwave SpiderLabs Telemetry Report Finds That Organizations Are Slow to Patch Even High-Profile Vulnerabilities

One of the most difficult tasks an organization faces is keeping tabs on the ever-growing threat landscape, in which malicious actors constantly probe an organization's attack surface, looking for any weakness. Making life even more difficult is an attacker's ability to quickly take advantage of critical vulnerabilities and exploits once they are made public, placing cybersecurity teams on the defensive.

To give organizations an idea of the danger presented by the presence of unpatched vulnerabilities in their systems, Trustwave SpiderLabs compiled The 2021 Trustwave SpiderLabs Telemetry Report, which reviews Internet-facing targets exposed to high-profile vulnerabilities released over the past year. Most notably, the report found that despite the high severity of some of these vulnerabilities, more than 50% of the servers had a weak security posture even weeks and months after a security update was released.

To compile the report, Trustwave SpiderLabs utilized Shodan, publicly available exploit information and non-intrusive analysis of vulnerable targets accessible on the Internet to provide insights into how an organization can best protect itself. 


2021 Trustwave SpiderLabs Telemetry Report

The 2021 Trustwave SpiderLabs Telemetry Report: The State of High Profile Vulnerabilities reviews Internet-facing targets exposed to high-profile vulnerabilities released in 2021. It was compiled using Shodan, publicly available exploit information and non-intrusive analysis of vulnerable targets accessible on the Internet by the Trustwave SpiderLabs team. The report also provides general vulnerability mitigation best practices and tips for CISOs and security practitioners looking to strengthen their cyber resilience.

This year has seen more than its fair share of organizations victimized by attackers who found a vulnerability in their system. In many cases, the organization remained vulnerable due to a failure to patch software promptly. The report also includes best practices for organizations for avoiding vulnerability exploitation.

We sat down with Trustwave SpiderLabs Security Researcher Jason Villaluna to discuss some of the key insights and trends from the 2021 Telemetry Report in more depth.

What was the most surprising point you uncovered compiling the report?

Most folks outside of IT security will find it surprising that many outdated applications and services are accessible from the Internet. Since many tools can detect these instances, it means the applications can be easily exploited by individuals who have the skills to do so. The worrisome aspect of this is that many organizations are not aware of the risks of exposing such apps and services.

Why do organizations struggle with vulnerability management and patching? 

There are several reasons why organizations struggle with vulnerability management and patching.

First, not every system is created equal. Some are very complex, so that immediate patching is simply not possible. A patch may need several levels of testing and approval from different teams or departments so the organization can be assured that this patch will not harm their current system and will work as intended.

Next, not all organizations have a team that can solely focus on vulnerability management. However, as the importance of patching is realized, some organizations are starting to implement a vulnerability management process. Then there is the fact that some organizations just don't have the budget to implement such a team, resulting in some teams having to handle several tasks.

What best practices can organizations put in place to make sure they don't become a victim of high profile or high severity vulnerability exploits? 

There are many best practices for organizations to implement that will improve their defenses. I've listed a few here that will reduce the risk of becoming victimized by high profile vulnerabilities:

  1. Assign an individual or a team to work on implementing a holistic security program tackling security assessments, risk management and policy. It's always a good idea to try and find someone already on staff with the knowledge and understanding to handle these tasks. Look for professionals who can provide these services and then build an internal team slowly until they don't need external assistance.
  2. Provide training to employees and not just those in the IT department who are handling the critical systems. Some critical vulnerabilities require human interaction. Educate employees by providing periodical cybersecurity training and the necessary support materials. Make sure that they are following the security policies and procedures provided by the company and make them understand the importance of following the guidelines.
  3. Don't discount the risk of having outdated systems since these are the ones that are easily targeted. Have the system owner assess the current state and come up with a solution in collaboration with the security team.
  4. Have a good incident response plan. No organization wants to become a victim, but it must have a plan in place if something happens. Such a plan will certainly help reduce the impact a cyber incident could have on their company.
