
The pandemic has increased vulnerabilities and bug bounties

Vulnerability submissions have risen in the last 12 months, with critical issues reported on the Bugcrowd platform jumping 65%.


The data comes from the Bugcrowd platform and reflects the increase in bug bounty payments as ethical hackers chase more critical weaknesses, combining bugs and developing proof-of-concept exploit code.

Bugcrowd says that companies offering consumer services and companies in the media industry receive reports of critical issues in less than a day.

For organizations in the government and automotive industries, high-risk bugs are submitted in a matter of days.

This year, vulnerability submissions through the Bugcrowd platform increased by 50%, while Priority 1 reports (P1, the most critical) increased by 65%.

Web apps remain hackers' top preference, although they are diversifying their targets to stay competitive.

Between January and October 2020, financial services organizations received more vulnerability reports than in 2019. Payments for P1 vulnerabilities in this area doubled in the second quarter of this year.

Hackers have also stepped up their attacks, leading companies to increase payments for serious issues. Overall, payments for critical vulnerabilities (P1) increased by 31% from the first to the second quarter. The same thing happened with P2 bugs between the second and third quarters.

At the top of the list of vulnerabilities most often submitted through the Bugcrowd platform is human-driven "broken" access control, which displaced cross-site scripting (XSS).

Subdomain takeover also climbed two places on the list, from sixth to fourth. The reason behind the jump was hackers' increased use of automation in the search for bugs.

Although zero-day vulnerabilities attract all the attention because they are usually associated with attacks by APT groups, most of the time these adversaries rely on known exploits.

Bugcrowd notes that the changes recorded this year are in line with the challenges of remote work imposed by the pandemic. After spending more time at home, bug hunters were able to be more active and find bugs of higher severity, as well as submit better quality reports.

Source of information:

Teo Ehc