Positive Technologies' key research activities in 2019–2021

Published on April 20, 2021

With the global spread of information technology comes an inevitable increase in the number of vulnerabilities in information systems. The reasons are neglect of secure development principles, vulnerable system architecture, and the all-too-common human factor. In 2020 alone, 18,103 vulnerabilities were found in software from various manufacturers, more than in any previous year. More than half of these vulnerabilities (57%) are of high or critical severity, which poses significant risks to the owners of vulnerable software. Timely installation of patches helps mitigate these risks.

Detecting new vulnerabilities and bringing them to the attention of software manufacturers is crucial to improving the security of information systems. Positive Technologies is an active contributor to this process and adheres to the principles of responsible disclosure. First, all information about a detected vulnerability, including the details of its exploitation, is provided to the corresponding vendor. Next, we offer consultation on how to eliminate the vulnerability. Finally, and only after the vendor releases an official security update, we publish the results of our research online by agreement with the vendor.

In the last three years alone, our experts detected and helped to eliminate hundreds of serious vulnerabilities (including critical ones) in products of world-renowned software manufacturers:

  • VMware vCenter Server (CVE-2021-21972), a platform designed for centralized management and automation of VMware vSphere, a key product in modern data processing centers.
  • Citrix ADC and Citrix Gateway (CVE-2019-19781), solutions that are widely used in corporate networks, including to give employees terminal access to internal company applications from any device via the Internet.
  • Cisco ASA (CVE-2020-3452, CVE-2020-3187, CVE-2020-3259), a series of hardware firewalls. Features include stateful firewalling, deep analysis of application-layer protocols, network address translation, and secure connections to the local network via a web interface or dynamic routing protocols.
  • F5 BIG-IP (CVE-2020-5902, CVE-2020-5903), an application delivery controller (ADC) used by some of the world's biggest companies.
  • Fortinet FortiWeb (CVE-2020-29015, CVE-2020-29016, CVE-2020-29018, CVE-2020-29019), a family of firewalls for web applications.
  • Palo Alto PAN-OS (CVE-2020-2037, CVE-2020-2036, CVE-2020-2038, CVE-2020-2039), an operating system used by Palo Alto Networks next-generation firewalls (NGFW).
  • SonicWall SonicOS (CVE-2020-5135, CVE-2020-5133, CVE-2020-5134, CVE-2020-5137, CVE-2020-5136, CVE-2020-5138, CVE-2020-5139, CVE-2020-5140, CVE-2020-5141, CVE-2020-5142, CVE-2020-5143), an operating system used by popular SonicWall firewalls. SonicWall ranks fifth among manufacturers of hardware security solutions worldwide.

Positive Technologies helped to eliminate vulnerabilities in the Intel Management Engine subsystem in modern Intel processors and fix security flaws in solutions of other major companies, such as Dell (CVE-2020-5366), Microsoft (CVE-2019-0697, CVE-2019-0726), and Check Point (CVE-2020-6020), as well as in industrial control systems by Schneider Electric (CVE-2018-7760), Moxa (CSA-20-056-01, CVE-2019-9098, CVE-2019-9099, CVE-2019-9102), Rockwell (ICSA-20-070-06), and Siemens (ICSA-19-036-04).

Our company is an active contributor to OWASP (Open Web Application Security Project). Our studies highlight key information security problems and promote best practices in protecting information systems. They include:

  • Threat analysis research. Quarterly reports on evolving cyberthreats. The results of these studies help organizations keep track of recent information security trends.
  • Articles about the dark web ("Custom hacking services" and "Access for sale"). In these articles we analyze the malicious schemes used by attackers; infosec experts can use our findings to forecast potential threats to their companies in good time.
  • Security assessments of the IT infrastructure of major companies ("External pentests results" and "Internal pentests results"), in which we share, in anonymized form, the key problems found in the protection of network perimeters and local networks. This information helps companies avoid common mistakes and bear them in mind when building security for their IT infrastructure.
  • Articles on vulnerabilities and threats in mobile and web applications, in which we share our expertise on the security problems of these systems and propose protective measures.
  • Studies of vulnerabilities in online banking applications and ATMs, in which we discuss attack techniques, the most common vulnerabilities, and methods for eliminating them.
  • Analysis of ICS vulnerabilities, in which we share our knowledge of the most serious ICS security problems and urge industrial companies to analyze and protect the equipment in the ICS segment of their internal networks more thoroughly.

Another important aspect of our experts' daily work is analyzing the activity of cybercriminal groups and publishing tools that help confront attackers effectively. We actively contribute to the global fight against cybercrime, analyze attackers' tactics and techniques, and share our findings in our blog. Our specialists have investigated attacks by groups including:

  • Higaisa (Winnti, APT41). The group became famous for its attacks on computer game developers.
  • TaskMasters. The main objective of the group is to steal confidential information belonging to organizations. The attackers attempt to remain inside corporate information systems for extended periods and obtain access to key servers, executive workstations, and business-critical systems.
  • Calypso. The group has been active since at least September 2016. The primary goal of the group is theft of confidential data.
  • TA505. The group has been active since 2014. During six months in 2019, the group attacked at least 26 companies in 64 countries. Targets: banks, research institutes, energy companies, healthcare, and aviation. The attackers are drawn to financial gain and intellectual property.

During ransomware epidemics (such as NotPetya), our company was among the first to share recommendations on how to contain the threat and recover affected systems.

All our expertise is available in public sources and is used as a basis for the development of our security solutions.

Positive Technologies calls upon all information security researchers to follow the principles of responsible disclosure and invites them to take part in the Positive Hack Days 10 international security forum.
