Software security flaws and human behavior are major network vulnerability points, Ixia finds

Software security flaws — including those with available fixes that haven’t been applied — and human behavior continue to be the top sources of network vulnerabilities, according to a new report from Keysight Technologies’ Ixia group. In its third annual security report, Ixia’s Application and
Threat Intelligence Research Center (a legacy of Ixia’s 2012 acquisition of BreakingPoint, which established ATI in 2005)) said that “poor cyber hygiene continues to persist year after year,” including the use of default login and password credentials; and that attacks that date back as far as 2009 remain effective because vulnerabilities are either unpatched or because patches aren’t available for legacy systems. “Software security flaws contributed to a record number of security incidents in 2018. We saw more new devices than ever before, but we also saw more devices designed and deployed without proper measures to stop, or even limit, threats,” Ixia said. Phishing that exploits human behavior continues to be a reliable first step toward compromising network systems, Ixia found, noting that “a well-crafted and well-timed phishing attempt can confuse even the most tech-savvy expert into making a mistake that leads to a network compromise.” The company said that it detected 662,618 phishing pages in the wild, and 8,546,295 pages hosting or infected by malware.