On the Cyber Security of Lebanon: A Large Scale Empirical Study of Critical Vulnerabilities

On the Cyber Security of Lebanon: A Large Scale Empirical Study of Critical Vulnerabilities

연구 분야: Safety

학회: 2020 8th International Symposium on Digital Forensics and Security (ISDFS)

In this paper, we uncover 1645 critical vulnerabilities in the perimeter of Lebanon affecting the majority of its sectors, including critical infrastructure. Given the enormous economic and personal damage imposed by critical vulnerabilities, we use a novel framework to regularly identify these vulnerabilities in time on a large scale. We show that the root cause of the uncovered vulnerabilities is the lack of a core security best practice, namely, patch management. All the 1645 vulnerable systems had a patch offered by the vendor at the time they were found vulnerable. In addition to that, the poor reaction to our notification efforts to the owners of vulnerable systems underlines another lack of a proper incident handling process. To this end, this research shall be considered as a first step towards continuous attack surface evaluation of Lebanon, which shall involve different parties from public and private sectors in order to better perform risk analysis and mitigation.