Belue Creative, Information Security Services, Information security management

Cyber Security Vulnerability

Today, news of cyber attacks targeting nations is constant. Until now, attacks were mostly "pleasure crimes", carried out for amusement, such as tampering with a homepage, but they are now shifting to attacks that are likely to throw a nation into turmoil.

It is said that Russian troll units carried out an Internet public-opinion operation during the recent US presidential election. Cyber attacks are thus taking place internationally, between countries.

In Japan, three years have passed since the “Cyber Security Basic Law” was enacted. IoT devices, smart meters, connected cars and a variety of other things are now connected to the Internet. While the living environment becomes more convenient, cyber attacks are steadily increasing day by day, so information security measures in cyberspace are urgent.

We investigated and analyzed the vulnerabilities published on JVN / NVD (* 1) as of February 2017, because “vulnerability” is the key point of a cyber attack. The following charts show the results.

The first step in protecting your system from cyber attacks is to overcome its weaknesses. Weaknesses in computer systems and programs are called vulnerabilities. Depending on the vulnerability, the effect is not limited to the company’s own system: the system can also be made to take part in an attack, for example as a stepping stone for attacks against other organizations.

Today, the Internet has blended into our lives and become an important foundation of daily life, part of the lifeline. For this reason, we believe that society needs to proceed with vulnerability countermeasures against cyber attacks.

Looking at trends in the past vulnerabilities we investigated, about 50% were vulnerabilities that could have a serious effect on the information system.

(* 1) JVN (Japan Vulnerability Notes): A vulnerability countermeasure information portal site that provides vulnerability-related information, such as for software used in Japan, together with countermeasure information, and aims to contribute to information security measures. (https://jvn.jp/)

NVD (National Vulnerability Database): Vulnerability information database managed by the National Institute of Standards and Technology (NIST). (https://nvd.nist.gov/)

Status of vulnerabilities published on JVN

The number of vulnerabilities published on JVN has been in the range of 5,000 to 6,000 in recent years. (Fig. 1)
Vulnerabilities with “Critical” security risk are on the rise, and they account for over 20% of the total in 2016. (Fig. 2)

(Fig. 1 Number of vulnerabilities published on JVN)


(Fig. 2 Percentage of security risk level of vulnerabilities published on JVN)

Vulnerability with “CRITICAL” security risk

Among the vulnerabilities with “critical” security risk, those related to SQL Injection (* 2) are by far the most numerous.

(Fig. 3 Vulnerabilities with critical security risk published on JVN)

(* 2) An attack method that illegally manipulates the database system by intentionally exploiting a security deficiency in an application and executing an SQL statement that the application did not anticipate. The term also refers to the vulnerability that enables that attack.

Status of vulnerabilities published on NVD

The number of vulnerabilities has been around 6,000 in recent years.


(Fig. 4 Number of vulnerabilities published on NVD)

In recent years, vulnerabilities with “Critical” security risk have been increasing at a pace close to 40%.

(Fig. 5 Percentage of security risk level of vulnerabilities published on NVD)

Measures against SQL Injection

We have developed and provide ParnaWall, which completely protects against SQL Injection attacks.

Recommended use of ParnaWall

“ParnaWall” is a cloud-ready database firewall that completely detects and protects against “SQL injection”, the most common attack behind information leakage caused by Web application attacks.

It is a revolutionary solution against attacks that conventional WAFs (Web Application Firewalls) could not prevent, and its installation is very easy.

For details, please click here. (http://www.parnawall.jp/index_e.html)

We will support a further leap forward in “Creating” by protecting the “Benefit” (profit) and “Value” of customers using the Internet and IT.

【Interpretation】
●Cyber Attack
Destructive activity via the Internet, or cracking carried out over computer networks against particular national organizations, international organizations, enterprises, etc. Cyber terrorism that attacks across national borders is also increasing. The following are examples of attack methods.

  1. Computer viruses and mass transmission of spam.
  2. Illegal intrusion into and destruction of networks.
  3. Tampering with websites, etc.

●Vulnerability

  1. Weak and brittle nature.
  2. Safety defects and weak points on computer networks.
  3. A flaw in a program that leaves it open to unauthorized access from outside. Security holes created by bugs in software and hardware are typical examples. Lax management of confidential or important information is also considered a kind of vulnerability.