Phoo: CloudPro

InfoSec: Google, Microsoft, Oracle products most vulnerable ─Report

*Cybercriminals are likely considering how much effort they need to put in, for what reward, and calculating how it makes sense to target services with large numbers of users to make their time worthwhile ─ Telefonica Tech Cybersecurity

Gbenga Kayode | ConsumerConnect

A new report indicates that the big names in software, products and services in the Information and Communications Technology (ICT) world mean threat actors are more likely to exploit security holes.

So is the battle between cybercriminals and those trying to keep a lid on their exploits and crimes, the cat and mouse game continually shifts back and forth, said the report.

As soon as vulnerabilities in software or products are discovered, they are quickly patched by companies looking to do all they can to protect their users.

However, the report observed just as soon as that happens, criminals and hackers move on to try and find the next weakness in defences that they can exploit for monetary gain.

ConsumerConnect gathered that an analysis of Telefonica Tech Cybersecurity Report for the first half of 2021 showed that some of the biggest, most widely-used services offered by the largest companies are those that have the highest number of vulnerabilities in the market now.

Telefonica’s report investigates the world of mobile security and tries to identify the most common vulnerabilities in today’s cybersecurity landscape.

The findings are unsurprising: those services used by the most people, and run by the largest companies, are the ones with the biggest number of vulnerabilities.

The report, nonetheless, said that does not mean they’re any less well-coded than their smaller counterparts.

Instead, cybercriminals are likely looking at how much effort they need to put in, for what reward, and calculating that it makes sense to target services with large numbers of users to make their time worthwhile.

How Google, Microsoft, Oracle lead the pack

As most consumers probably expect, some of the world’s biggest names in software and services are leading the pack for the number of vulnerabilities reported and discovered in the first six months of 2021, the report noted.

It stated that Google leads the way, with 547 vulnerabilities reported over the half year: three every single day.

Microsoft comes close behind, with 432 vulnerabilities reported over the last six months.

Oracle had 316 vulnerabilities discovered in the first half of 2021, bringing up the rear in the top three companies to suffer the most issues.

But, they were far from alone: SAP, IBM, Jenkins, Apple, Linux, and Aruba all also recorded issues, a situation described as an indication that almost every service you can think of using has some issues around it.

Atlas VPN researcher William Sword said: “Exploiting vulnerabilities in Google or Microsoft products allow cyber criminals to probe millions of systems.

“While the tech giants are doing a fair job of keeping up with exploits and constantly updating their software, people and organisations need to follow suit and keep up with the updates to prevent further exploitation.”

Areas where issues were found

According to researchers, it is not all vulnerabilities that are created equal, but even a small issue can have a big impact when multiplied over billions of users worldwide.

With regard to Google, for instance, the report found that its Chrome browser is used by a huge number of consumers worldwide, which makes any small vulnerability with it likely to affect many.

For Microsoft, the issues were more fundamental, the report stated.

Atlas VPN said: “State-sponsored threat actors from China abused Microsoft Exchange Server vulnerabilities to carry out ransomware attacks.

“Other attackers would drop cryptocurrency miners from the post-exploit web shells.

“On Oracle, the main issues were discovered with Oracle’s WebLogic Server – a platform for developing, deploying, and running enterprise Java-based applications.

According to the experts, it all makes the importance of monitoring for vulnerabilities and installing patches that solve them even more crucial.

They noted that it is small actions like these that can make the difference between a safe time online and more fundamental issues that can come to haunt users in cyberspace.

The idea that major platforms run by big companies are impenetrable simply is not the case: it just means there is a bigger bull’s eye on their back, added the report.

Kindly Share This Story