Internal Audit, Risk, Business & Technology Consulting
2018 Security Threat Report
Assessing Nine Years of Cyber Security Vulnerabilities and Exploits
protiviti.com 2018 Security Threat Report · 1
Executive Summary
Finding the right words to describe the magnitude of cyber security today is like trying to
define the size and splendor of the Grand Canyon to someone unfamiliar with the natural
wonder of the world. News of massive data breaches continues to make headlines. Among
the largest breaches to date, one of the major consumer credit reporting agencies announced
last year that hackers accessed its store of Social Security numbers, driver’s license data, birth
dates and other personal information on more than 140 million consumers. A decade ago, such
news would have been unimaginable. But sadly, over the last several months, disclosures of
significant cyber security breaches have become routine as organizations increasingly rely on
vulnerable digital technologies and third-party service providers.
At the same time, cyber criminals are becoming more
creative and sophisticated. New cyber threats emerge
daily that put any number of business systems at
risk, and companies face a monumental challenge to
keep pace with the threats and safeguard their data,
particularly their “crown jewels.” It’s no surprise
that cyber security is the chief concern not only for
CIOs and IT departments, but also for executive-level
management and boards of directors.
This report aims to help organizations address and
understand the cyber security landscape by exploring
and detailing the most common digital threats today.
Since 2009, Protiviti security labs in the United States
have performed more than 500 in-depth security
scans on behalf of a broad range of organizations to
test and assess their IT systems and infrastructure
for cyber security risks. Keeping the organizations
anonymous, we have compiled and quantified the
vulnerability and threat discoveries in our data,
offering insights and trends regarding the types of
threats organizations are most likely to face, the
most frequently perpetrated cyber crimes, the recent
acceleration of attacks, and trends in cyber attacks by
industry and size, among other views.
In addition, we provide insight into the root causes
underlying the vulnerabilities and practical guidance
on how companies can protect their information.
In these times of digital treachery, we hope you find
this report useful.
Key calls to action we define include:
01 Strong permission and user access controls
02 Employee security awareness
03 Patch management
04 System configuration management
05 Periodic penetration testing
2 · Protiviti
Key Definitions
• Vulnerability: Weakness in a computer system that reduces its security posture
• Exploit: Vulnerabilities that have publicly available exploit code
• Internal: Non-internet facing systems
• External: Internet facing systems
• Risk rankings: Follow CVSS scoring mechanism:
– Critical: 9.0 - 10.0
– High: 7.0 - 8.9
– Medium: 4.0 - 6.9
– Low: 0.0 - 3.9
About Our Study
We compiled the data, analyses and trends presented
in this report by reviewing information from security
vulnerability scans of IT systems of more than 500
organizations in a broad range of industries. Over a
nine-year period, Protiviti’s security experts were
engaged by these companies to scan their networks,
detect vulnerabilities, and help fix issues and establish
proper mechanisms for monitoring and prevention.
This data has been aggregated and analyzed into data
points that we believe are both informative and useful
for those trying to safeguard their systems.
Some important notes and definitions about the
data in our report:
• The scanned data from these engagements was not
validated – rather, it is the raw data from a leading
vulnerability scanner that the Protiviti teams used.
• The test data is from a broad range of industry
organizations:
– Financial Services
– Healthcare and Life Sciences
– Consumer Products and Services
– Technology, Media and Telecommunications
– Manufacturing
– Education
– Energy and Utilities
• The data contains results from internet-facing
systems (external) as well as systems on the
inside of the organization’s firewall (internal).
• Vulnerability data contained within this study relate
to network-related issues only. Web application
vulnerabilities are not included. In addition,
vulnerability data related to the same missing patch
or outdated system versions have been removed,
with only the highest total remaining, to reduce
repeat items.
• Vulnerability refers to a weakness in a computer
system that reduces its security posture.
• Exploit refers to vulnerabilities that have publicly
available exploit code as of the time of testing.
• Risk rankings generally follow the standard CVSS
scoring mechanism:
– Vulnerabilities are labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
– Vulnerabilities are labeled “Medium” severity if they have a CVSS base score of 4.0-6.9.
– Vulnerabilities are labeled “High” severity if they have a CVSS base score of 7.0-8.9.
– Vulnerabilities are labeled “Critical” severity if
they have a CVSS base score of 9.0-10.0.
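The data handling described in the notes above, as an added Python example that is not part of the report or Protiviti's tooling: it applies the CVSS severity bands, collapses repeat checks for the same missing patch, and reports counts by severity, side and port plus the share of unique vulnerabilities with a public exploit. The Finding fields, check names and sample rows are constructed, and the reading of the de-duplication note (keep the check with the highest total per patch) is an assumption.

```python
from collections import Counter
from dataclasses import dataclass

# CVSS base-score floor for each label, per the report's risk rankings.
BANDS = ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.0, "Low"))


@dataclass(frozen=True)
class Finding:
    """One raw scanner hit. Field names are hypothetical, not a scanner's schema."""
    host: str
    port: int
    plugin: str       # scanner check that fired
    patch_group: str  # missing patch or outdated version the check traces to
    cvss: float       # CVSS base score
    exploit: bool     # public exploit code existed at time of testing
    external: bool    # True: internet-facing; False: inside the firewall


def severity(score):
    """Map a CVSS base score to Low / Medium / High / Critical."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    return next(label for floor, label in BANDS if score >= floor)


def collapse_repeats(findings):
    """Per patch group, keep only the check with the highest total count.

    Assumed reading of the report's note that repeat items for the same
    missing patch were removed "with only the highest total remaining".
    """
    totals = Counter(f.plugin for f in findings)
    best = {}
    for f in findings:
        current = best.get(f.patch_group)
        # Ties are broken by plugin name so the result is deterministic.
        if current is None or (totals[f.plugin], f.plugin) > (totals[current], current):
            best[f.patch_group] = f.plugin
    keep = set(best.values())
    return [f for f in findings if f.plugin in keep]


def summarize(findings):
    """Aggregate de-duplicated findings into the views the report charts."""
    kept = collapse_repeats(findings)
    unique = {f.plugin: f for f in kept}  # one entry per distinct vulnerability
    with_exploit = sum(1 for f in unique.values() if f.exploit)
    return {
        "total": len(kept),
        "by_severity": dict(Counter(severity(f.cvss) for f in kept)),
        "by_side": dict(Counter("external" if f.external else "internal" for f in kept)),
        "top_ports": Counter(f.port for f in kept).most_common(3),
        "unique": len(unique),
        "exploit_share": with_exploit / len(unique) if unique else 0.0,
    }


# Constructed sample rows (private/documentation addresses, made-up check names).
SAMPLE = [
    Finding("10.0.0.5", 445, "smb-check-a", "patch-1", 9.3, True, False),
    Finding("10.0.0.6", 445, "smb-check-a", "patch-1", 9.3, True, False),
    # Second check for the same missing patch with fewer hits: a repeat item.
    Finding("10.0.0.5", 445, "smb-check-b", "patch-1", 8.1, True, False),
    Finding("10.0.0.7", 443, "tls-weak-cipher", "config-tls", 4.3, False, False),
    Finding("192.0.2.10", 443, "tls-weak-cipher", "config-tls", 4.3, False, True),
    Finding("192.0.2.10", 80, "http-trace", "config-http", 5.0, False, True),
    Finding("10.0.0.8", 23, "telnet-cleartext", "config-telnet", 2.6, False, False),
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```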
Organizations Included by Industry and Number of Scans/Tests Performed
Industry | Share
Consumer Products & Services | 36%
Financial Services | 29%
Healthcare & Life Sciences | 10%
Technology, Media & Telecommunications | 9%
Manufacturing | 8%
Energy & Utilities | 7%
Education | 1%
Key Takeaways/Trends and Analysis
Based on the wealth of data taken from nine years’
worth of security scans and the trends they reveal,
there are a number of key takeaways and learnings:
• Patching, both external and internal, remains a
critical issue. In particular, application patching
appears to be a more problematic issue than operating
system patching.
• Organizations are still running a significant number
of unsupported systems.
• There have been consistent challenges with SSL,
especially with regard to weak ciphers and diversions.
Though the raw number of issues hasn’t
reached a high level, this is an area for organizations
to monitor.
• Not surprisingly, the number of exploits and vulnerabilities
organizations have experienced has risen over
time. Also of no surprise, the ports with the most
vulnerabilities are Windows 445 and web 443.
• Every few years, a major critical exploit comes along
that has a drastic impact on the security landscape.
Just a few examples include MS08-067, Heartbleed,
Shellshock (CVE-2014-6271), MS17-010 and MS15-034.
• Just under half of the vulnerabilities identified
during testing have a publicly available exploit.
Call to Action
Regardless of an organization’s industry or size, developing,
establishing and implementing five basic security
principles will dramatically reduce an organization’s risk
of a security breach. Organizational networks are only as
strong as their weakest link. As such, each of these areas
needs to be looked at, evaluated and improved individually
and collectively in order to raise the bar high enough
so that a non-targeted attacker will be compelled to
move on to the next network.
The five items are:
1. Strong permission and user access controls –
Maintaining strong access controls is one of
the primary ways to protect against a breach.
Seemingly simple steps such as ensuring appropriate
permissions, reducing the number of powerful
administrative accounts and changing default passwords
significantly reduce the attack surface for
a hacker. Software, systems and devices are often
preloaded with default permissions, usernames and
passwords that are easily identifiable through a quick
internet search or system query. Attempting to access
systems with default permissions and guessing these
usernames and passwords often is one of the first
steps an attacker will take when attempting to gain
control of a system.
Organizations that periodically check their network
for default permissions/credentials and implement
this change as part of the standard system
deployment procedures reduce the likelihood of one
or more attackers gaining easy access to a network.
2. Employee security awareness – Without strong
employee security awareness, attackers can manipulate
and prey on human emotion and behavior to
greatly reduce the effectiveness of technology, often
very expensive, that the organization put in place to
protect its networks. Social engineering attacks try
to obtain information that should not be disclosed
and could facilitate gaining unauthorized access to
companies’ private data and resources. Examples of
this include seeking information required to reset
and recover an employee’s password or any other
important information through electronic (phishing)
or physical means, or through phone calls.
Strong security awareness programs deliver and
reinforce security awareness communications and
training for employees. Communications
inform employees and other users of the latest
security threats, activities the organization is
taking to mitigate these risks, and measures that
users can take to protect themselves and contribute
to promoting a secure office environment. Periodic
communications also stress proper password
protection and management, as well as provide
employees with appropriate steps to take when
they feel that social engineering techniques are
being attempted.
3. Patch management – As noted in the threat data
presented in our report, most vulnerabilities can
be remediated and/or are the result of a system not
being properly patched. This not only applies to
operating systems, but also to applications. While
getting a handle on application patching is often
more difficult than on operating systems (largely
due to the number of applications and required
patches in an environment), it is equally important
to protect the organization. Organizations should
use automated tools to both identify and apply
patches in an environment.
Strong patch management programs have a good
handle on the security patch levels on all systems
throughout the environment (network devices,
operating systems and applications). Systems
that are not currently integrated with the existing
patch management process are integrated into the
centrally managed process. In instances where
systems cannot be upgraded or patched due to
business constraints, compensating controls
(e.g., VLANs or firewalls) should be implemented to
protect the rest of the network.
4. System configuration management – Strong
configuration management ensures that systems
are consistently and securely configured across the
environment (with exceptions where necessary)
to prevent attackers from easily gaining access to
systems and data. Areas such as password and audit
policies, services, and file permissions are controlled
through the configuration management process.
Organizations with effective configuration
management define a standard (usually based
on single or hybrid industry standards), deploy
it across applicable systems in the environment,
and periodically confirm the configurations do not
change. This is often controlled centrally to reduce
required staff hours as well as lessen the difficulty
in determining adherence to defined standards.
5. Periodic penetration testing – To ensure the
first four calls to action, as described above, are
being executed, organizations should perform
periodic penetration testing across various pieces
of IT infrastructure, including application and
network layers. Organizations should commit to
performing periodic penetration testing at least
annually, though more frequently is better. This
periodic testing identifies low-hanging fruit, in
terms of security vulnerabilities to address, and
keeps the organization up-to-date with the latest
tricks and techniques attackers are using. Without
periodic testing, organizations may be susceptible
to issues outside the scope of the four action items
above or may believe certain truths but cannot
verify their validity.
Recent breaches continue to reinforce the prevailing wisdom that companies today fall into two groups — those
that have been breached and know it, and those that have been breached but don’t know it. In addition to
preventative measures, organizations must work on maturing detective controls and response procedures.
Activities that simulate common attack patterns should be carried out within organizations to determine
whether their defenses can detect and respond effectively.
— Andrew Retrum, Protiviti Managing Director – Technology Consulting, Security and Privacy
High-Level Findings (2009 – 2017)
Following are notable high-level findings from Protiviti's vulnerability assessment data. More detailed results
are presented starting on page 14.
The graph below identifies the top 10 most common vulnerabilities with a publicly available exploit that existed
across all clients and industries.
Top 10 Most Common Exploitable Vulnerabilities by Total Count
Exploit | CVE ID | Count
HP System Management Homepage < 7.0 Multiple Vulnerabilities | CVE-2009-0037 | 2058
Windows Kernel Win32k.sys, Multiple Vulnerabilities | CVE-2013-3660 | 1398
MS15-034: Windows HTTP.sys Remote Code Execution Vulnerability | CVE-2015-1635 | 1364
Apache HTTP Server Byte Range DoS | CVE-2011-3192 | 1122
MS13-047: Internet Explorer Memory Corruption Vulnerability | CVE-2013-3110 | 680
Oracle Java SE Multiple Vulnerabilities (April 2013 CPU) | CVE-2013-0401 | 588
Oracle Java JDK/JRE Remote Code Execution Vulnerability | CVE-2013-0809 | 398
Apache 2.2 < 2.2.22 Multiple Vulnerabilities | CVE-2011-3368 | 349
Splunk Enterprise < 6.4.2 | CVE-2013-0211 | 313
OpenSSL AES-NI Padding Oracle MiTM Information Disclosure | CVE-2016-2107 | 296
In a recent global survey from Protiviti and North Carolina State University’s ERM Initiative, more than 700
directors and C-level executives ranked cyber risk as a top three risk overall, and a “significant impact” risk for
businesses in financial services; technology, media and telecommunications; healthcare and life sciences; and
energy and utilities. Both directors and CEOs rated cyber as the second-highest risk.
— Source: Executive Perspectives on Top Risks for 2018, North Carolina State University’s ERM Initiative and Protiviti, www.protiviti.com/toprisks.
The graph below identifies the top 10 most common vulnerabilities, with or without a publicly available exploit,
across all organizations and industries.
Top 10 Most Common High-Risk Vulnerabilities by Total Count
Vulnerability | CVE ID | Count
MS12-020: Remote Desktop Protocol Vulnerability | CVE-2012-0002 | 2836
HP System Management Homepage < 7.0 Multiple Vulnerabilities | CVE-2009-0037 | 2058
MS14-066: Microsoft Schannel Remote Code Execution Vulnerability | CVE-2014-6321 | 2018
MS15-034: Windows HTTP.sys Remote Code Execution Vulnerability | CVE-2015-1635 | 1364
OpenSSL 'ChangeCipherSpec' MiTM Vulnerability | CVE-2010-5298 | 1255
MS11-025: MFC Insecure Library Loading Vulnerability | CVE-2010-3190 | 1237
Microsoft Windows SMB Information Disclosure Vulnerability | CVE-2017-0267 | 875
MS13-047: Internet Explorer Memory Corruption Vulnerability | CVE-2013-3110 | 680
MS13-022: Vulnerability in Microsoft Silverlight Remote Code Execution | CVE-2013-0074 | 663
MS13-041: Vulnerability in Lync Remote Code Execution | CVE-2013-1302 | 659
In this modern era of constant attacks, it’s expected that public-facing services will be attacked day in and day
out. As such, organizations with a well-designed and thoughtful vulnerability management program will do
several things, including scanning public-facing systems immediately upon notification of critical vulnerabilities,
quickly patching known vulnerabilities for critical public-facing services, and tracking and verifying patch
deployment as part of a comprehensive governance process.
— Randy Armknecht, Protiviti Managing Director – Technology Consulting, Cybersecurity
The graph below shows the normalized relationship between vulnerabilities and publicly available exploits
over time.
Number of Unique Vulnerabilities and Exploits Over Time
[Figure: Normalized Vulnerabilities Value and Normalized Exploit Value per year, 2009 to 2017; value axis 0 to 160.]
The percentage of increases and decreases in exploits generally correlates with the number of identified vulnerabilities.
Digital transformation and innovative disruption are driving cyber attackers to become increasingly creative. In
response, security teams should begin rethinking some of the traditional ways in which they respond to higher
threat levels. For example, security groups should consider artificial intelligence and machine learning and how
these areas can be applied to cyber security measures. Organizations also should consider the security risks that
AI and machine learning pose as these innovations are introduced in other parts of the organization.
— Jonathan Wyatt, Protiviti Managing Director – Leader, Protiviti Digital
The graph below depicts the relationship of uniquely identified publicly available exploits between external and
internal infrastructure.
Number of Unique External vs. Internal Infrastructure Exploits by Year
[Figure: External Exploits and Internal Exploits per year, 2009 to 2017; count axis 0 to 1200.]
As expected, internal networks contain many more exploitable vulnerabilities compared to external networks.
The graph below shows the relationship of uniquely identified vulnerabilities, regardless of whether an exploit
exists, between external and internal infrastructure.
Number of Unique Vulnerabilities – External vs. Internal Infrastructure
[Figure: External Infrastructure Vulnerabilities and Internal Infrastructure Vulnerabilities per year, 2009 to 2017; count axis 0 to 1600.]
Unlike previous years, 2017 external vulnerabilities far exceeded internal vulnerabilities due to the increase in items related to SSL and SMB, as well as the number of external tests executed.
Below is a graphic showing the most vulnerable ports from both an external and internal perspective.
Top 10 Ports with Vulnerabilities — by Total Count
Rank | Port | Count
01 | microsoft-ds (445) | 46675
02 | https (443) | 32679
03 | http (80) | 18530
04 | netbios-ssn (139) | 8518
05 | ssh (22) | 8278
06 | dcom-scm (135) | 6233
07 | telnet (23) | 6106
08 | h323 (1720) | 3442
09 | netbios-ns (137) | 3040
10 | sunrpc (111) | 2860
Microsoft Windows and web servers have the most vulnerabilities.
Most technology leaders lack high confidence in their organization’s ability to prevent, monitor, detect or escalate
security breaches by a well-funded external attacker or by a company insider. However, there is a benefit to not
being overconfident: It can stave off complacency while helping to sustain a commitment to continually adapt
and improve current practices as cyber attacks grow more sophisticated.
— Scott Laliberte, Protiviti Managing Director – Global Leader, Security and Privacy Practice
The chart below depicts the top 10 most vulnerable ports from an external perspective.
Top 10 Ports with External Vulnerabilities — by Total Count
Rank | Port | Count
01 | https (443) | 16177
02 | http (80) | 4815
03 | microsoft-ds (445) | 1043
04 | netbios-ssn (139) | 978
05 | telnet (23) | 577
06 | ssh (22) | 562
07 | ntp (123) | 394
08 | ftp (21) | 370
09 | smtp (25) | 313
10 | isakmp (500) | 286
A significant number of companies are leaving Windows systems directly exposed on the internet.
Incident response should be a mainstay of an effective security program. Our research indicates that two out of
three organizations have a formal, documented crisis response plan in place. Considering the prevalence of cyber
attacks and the growing likelihood of a breach, every organization should have such a plan. It also is important
for boards, senior management teams and technology functions to understand that the effectiveness of incident
response plans hinges on their execution, and the only way to gauge how these plans will work in reality is to
periodically test them in simulations. The most effective incident response plans are “living documents” that are
regularly updated to reflect rapidly changing market conditions, emerging security risks and internal changes.
— Michael Walter, Protiviti Managing Director – Leader, Cybersecurity Intelligence Response Center
Similar to the chart on the prior page, the graphic below shows the top 10 most vulnerable ports from an
internal perspective.
Top 10 Ports with Internal Vulnerabilities — by Total Count
Rank | Port | Count
01 | microsoft-ds (445) | 45632
02 | https (443) | 16502
03 | http (80) | 13715
04 | ssh (22) | 7716
05 | netbios-ssn (139) | 7540
06 | dcom-scm (135) | 6093
07 | telnet (23) | 5529
08 | h323 (1720) | 3425
09 | netbios-ns (137) | 2989
10 | sunrpc (111) | 2801
The chart below shows the average age of vulnerabilities by CVSS classification across all industries and systems
from 2017 to vulnerability release date.
Average Age of Vulnerabilities (Years) by Severity (1)
Severity | Average age (years)
Low | 4.12
Medium | 6.48
High | 3.83
Critical | 3.24
(1) Severity rankings are based on the standard CVSS scoring mechanism detailed on page 2.
Detailed Findings (2009 – 2017)
As noted earlier, the prior section provides a high-level summary of key findings from Protiviti’s vulnerability
assessment data. The following pages contain deeper, more detailed results from this data.
Top 30 Overall Exploits by Count
Rank | Exploit | CVE ID | Count
1 | HP System Management Homepage < 7.0 Multiple Vulnerabilities | CVE-2009-0037 | 2058
2 | Windows Kernel Win32k.sys, Multiple Vulnerabilities | CVE-2013-3660 | 1398
3 | MS15-034: Windows HTTP.sys Remote Code Execution Vulnerability | CVE-2015-1635 | 1364
4 | Apache HTTP Server Byte Range DoS | CVE-2011-3192 | 1122
5 | MS13-047: Internet Explorer Memory Corruption Vulnerability | CVE-2013-3110 | 680
6 | Oracle Java SE Multiple Vulnerabilities (April 2013 CPU) | CVE-2013-0401 | 588
7 | Oracle Java JDK/JRE Remote Code Execution Vulnerability | CVE-2013-0809 | 398
8 | Apache 2.2 < 2.2.22 Multiple Vulnerabilities | CVE-2011-3368 | 349
9 | Splunk Enterprise 6.4.2 Multiple Vulnerabilities | CVE-2013-0211 | 313
10 | OpenSSL AES-NI Padding Oracle MitM Information Disclosure | CVE-2016-2107 | 296
11 | Web Server Directory Traversal Arbitrary File Access | CVE-2000-0920 | 268
12 | MS17-010: Windows SMB Remote Code Execution (EternalBlue) | CVE-2017-0143 | 252
13 | MS08-067: Server Service Vulnerability | CVE-2008-4250 | 205
14 | Microsoft Windows Unquoted Service Path Enumeration | CVE-2013-1609 | 192
15 | Adobe Acrobat < 10.0.1 Multiple Vulnerabilities | CVE-2010-4091 | 189
16 | OpenSSL Heartbeat Information Disclosure (Heartbleed) | CVE-2014-0160 | 186
17 | Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Marshalled Object Remote Code Execution | CVE-2012-0874 | 167
18 | PHP < 5.3.9 Multiple Vulnerabilities | CVE-2011-3379 | 165
19 | MS15-004: Directory Traversal Elevation of Privilege Vulnerability | CVE-2015-0016 | 159
20 | Adobe Reader < 9.1 Multiple Vulnerabilities | CVE-2009-0193 | 132
21 | GNU C Library < 2.23 Multiple Vulnerabilities | CVE-2015-7547 | 127
22 | Mozilla Updater and Windows Update Service Privilege Escalation Vulnerability | CVE-2012-1942 | 119
23 | MS10-096: Windows Address Book Insecure Library Loading Vulnerability | CVE-2010-3147 | 112
24 | MS14-064: Windows OLE Automation Array Remote Code Execution Vulnerability | CVE-2014-6332 | 111
25 | MS11-019: Browser Pool Corruption Vulnerability | CVE-2011-0654 | 101
26 | MS11-026: MHTML Mime-Formatted Request Vulnerability | CVE-2011-0096 | 101
27 | Sun Java Web Start JNLP Remote Code Execution Vulnerability | CVE-2007-3655 | 96
28 | MS10-042: Vulnerability in Help and Support Center | CVE-2010-1885 | 95
29 | MS10-097: Insecure Library Loading in Internet Connection Signup Wizard | CVE-2010-3144 | 95
30 | MS11-003: Cumulative Security Update for Internet Explorer | CVE-2010-3971 | 92
NOTES:
In this table, we have only identified a single CVE ID for each vulnerability in order to simplify our reporting.
Operating systems are not the only systems with exploitable vulnerabilities. Applications rank equally high.
Vulnerabilities: Top 30 Overall by Count (All Severity — External and Internal)
Rank | Vulnerability | CVE ID | Count
1 | Microsoft Windows Remote Desktop Protocol Server MiTM Weakness | CVE-2005-1794 | 51450
2 | SSL RC4 Cipher Suites Supported | CVE-2013-2566 | 43284
3 | SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) | CVE-2014-3566 | 19237
4 | SSH Server CBC Mode Ciphers Enabled | CVE-2008-5161 | 19201
5 | SSL Certificate Signed Using Weak Hashing Algorithm | CVE-2004-2761 | 15131
6 | Microsoft Windows SMB NULL Session Authentication | CVE-1999-0519 | 10216
7 | SSL Version 2 (v2) Protocol Detection | CVE-2005-2969 | 5986
8 | SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection | CVE-2009-3555 | 5394
9 | TLS Padding Oracle Information Disclosure Vulnerability (TLS POODLE) | CVE-2014-8730 | 4991
10 | HTTP TRACE / TRACK Methods Allowed | CVE-2003-1567 | 4714
11 | SSL/TLS Diffie-Hellman Modulus Weak Configuration (Logjam) | CVE-2015-4000 | 4347
12 | Apache HTTP Server httpOnly Cookie Information Disclosure | CVE-2012-0053 | 3970
13 | SNMP Agent Default Community Name (public) | CVE-1999-0517 | 3790
14 | RomPager HTTP Referer Header XSS | CVE-2013-6786 | 3476
15 | SSL 64-bit Block Size Cipher Suites Supported (SWEET32) | CVE-2016-2183 | 3246
16 | Web Server HTTP Header Internal IP Disclosure | CVE-2000-0649 | 3094
17 | MS12-020: Remote Desktop Protocol Vulnerability* | CVE-2012-0002 | 2836
18 | SSH Protocol Version 1 Session Key Retrieval | CVE-2001-0361 | 2724
19 | HP System Management Homepage < 7.0 Multiple Vulnerabilities | CVE-2009-0037 | 2058
20 | MS14-066: Microsoft Schannel Remote Code Execution Vulnerability* | CVE-2014-6321 | 2018
21 | MS16-047: Windows SAM and LSAD Downgrade Vulnerability (Badlock)* | CVE-2016-0128 | 2008
22 | SSL/TLS EXPORT_RSA Weak Configuration (FREAK) | CVE-2015-0204 | 1937
23 | Dropbear SSH Server < 2013.59, Multiple Vulnerabilities | CVE-2013-4421 | 1923
24 | TLS CRIME Vulnerability | CVE-2012-4929 | 1908
25 | SSL / TLS Renegotiation DoS | CVE-2011-1473 | 1654
26 | Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key | CVE-2002-1623 | 1540
27 | Microsoft Windows Unquoted Service Path Enumeration | CVE-2013-1609 | 1430
28 | Microsoft Windows Kernel Win32k.sys PATHRECORD chain Multiple Vulnerabilities | CVE-2013-3660 | 1398
29 | MS15-034: Vulnerability in HTTP.sys Remote Code Execution | CVE-2015-1635 | 1364
30 | MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Remote Code Execution | CVE-2010-3190 | 1237
* Uncredentialed check
SSL vulnerabilities dominate the top 30 highest count.
Top 10 External Exploits
[Figure: counts for the following entries; count axis 0 to 450.]
• Microsoft Windows Unquoted Service Path Enumeration | CVE-2013-1609
• MS17-010: Windows SMB Remote Code Execution (EternalBlue) | CVE-2017-0143
• PHP < 5.3.9 Multiple Vulnerabilities | CVE-2011-3379
• Cisco ASA / IOS IKE Fragmentation Vulnerability | CVE-2016-1287
• OpenSSL AES-NI Padding Oracle MitM Information Disclosure | CVE-2016-2107
• Apache 2.2 < 2.2.22 Multiple Vulnerabilities | CVE-2011-3368
• MS15-034: Windows HTTP.sys Remote Code Execution Vulnerability | CVE-2015-1635
• Apache HTTP Server Byte Range DoS | CVE-2011-3192
• SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) | CVE-2014-3566
• MS15-004: Directory Traversal Elevation of Privilege Vulnerability | CVE-2015-0016
Missing Microsoft patch MS17-010, which WannaCry used as a transport method, cracked the list of top 10 external exploits in less than a year.
Top 10 External Vulnerabilities by Count
[Figure: counts for the following entries; count axis 0 to 14000.]
• SSH Server CBC Mode Ciphers Enabled | CVE-2008-5161
• SSL Certificate Signed Using Weak Hashing Algorithm | CVE-2004-2761
• Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key | CVE-2002-1623
• SSL 64-bit Block Size Cipher Suites Supported (SWEET32) | CVE-2016-2183
• HTTP TRACE / TRACK Methods Allowed | CVE-2003-1567
• SSL Version 2 (v2) Protocol Detection | CVE-2005-2969
• SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) | CVE-2014-3566
• SSL RC4 Cipher Suites Supported | CVE-2013-2566
• Apache HTTP Server httpOnly Cookie Information Disclosure | CVE-2012-0053
• Web Server HTTP Header Internal IP Disclosure | CVE-2000-0649
Most external vulnerabilities relate to web servers.
Top 10 Internal Exploits by Count
[Figure: counts for the following entries; count axis 0 to 2500.]
• Oracle Java SE Multiple Vulnerabilities (April 2013 CPU) | CVE-2013-0401
• Splunk Enterprise < 6.4.2 | CVE-2013-0211
• Web Server Directory Traversal Arbitrary File Access | CVE-2000-0920
• MS17-010: Windows SMB Remote Code Execution (EternalBlue) | CVE-2017-0143
• Apache HTTP Server Byte Range DoS | CVE-2011-3192
• MS15-034: Windows HTTP.sys Remote Code Execution Vulnerability | CVE-2015-1635
• Windows Kernel Win32k.sys, Multiple Vulnerabilities | CVE-2013-3660
• HP System Management Homepage < 7.0 Multiple Vulnerabilities | CVE-2009-0037
• Oracle Java JDK/JRE Remote Code Execution Vulnerability | CVE-2013-0809
• MS13-047: Internet Explorer Memory Corruption Vulnerability | CVE-2013-3110
EternalBlue cracked the top 10 list of internal exploits by count, as well.
Top 10 Ports with Internal Vulnerabilities
Rank | Port | Count
01 | microsoft-ds (445) | 46142
02 | https (443) | 16502
03 | http (80) | 14838
04 | ssh (22) | 7784
05 | netbios-ssn (139) | 7549
06 | dcom-scm (135) | 6093
07 | telnet (23) | 5593
08 | h323 (1720) | 3425
09 | netbios-ns (137) | 2989
10 | sunrpc (111) | 2801
Top 10 Internal Vulnerabilities by Count
[Figure: counts for the following entries; count axis 0 to 60000.]
• SSL RC4 Cipher Suites Supported | CVE-2013-2566
• SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection | CVE-2009-3555
• SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (SSL/TLS Logjam Vulnerability) | CVE-2015-4000
• SNMP Agent Default Community Name (public) | CVE-1999-0517
• SSL Certificate Signed Using Weak Hashing Algorithm | CVE-2004-2761
• SSH Server CBC Mode Ciphers Enabled | CVE-2008-5161
• SSL RC4 Cipher Suites Supported | CVE-2013-2566
• Microsoft Windows Remote Desktop Protocol Server MiTM Weakness | CVE-2005-1794
• Microsoft Windows SMB NULL Session Authentication | CVE-1999-0519
• SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) | CVE-2014-3566
Total Exploits (External and Internal) Over Time
[Figure: total exploits per year, 2009 to 2017; count axis 0 to 1600.]
In 2015, significant exploits included Adobe Flash and Microsoft Office vulnerabilities.
Total Vulnerabilities (External and Internal) Over Time
[Figure: total vulnerabilities per year, 2009 to 2017; count axis 0 to 16000.]
As expected, the number of vulnerabilities identified over time is increasing.
NOTES: Organizations included by industry and number of scans/tests performed: Consumer Products & Services 36%, Financial Services 29%, Healthcare & Life Sciences 10%, Technology, Media & Telecommunications 9%, Manufacturing 8%, Energy & Utilities 7%, Education 1%.
Overall Industry Findings (2009 – 2017)
Vulnerability Severity by Industry
[Figure: Unique Vulnerabilities and Critical and High Unique Vulnerabilities for each industry (Education; Consumer Products & Services; Financial Services; Healthcare & Life Sciences; Manufacturing; Technology, Media & Telecommunications; Energy & Utilities); count axis 0 to 3000.]
Technology, Media and Telecommunications organizations had the lowest percentage of vulnerabilities that were “critical” or “high” in severity.
By their very nature, most exploits are considered “critical” or “high” in severity.
Exploits by Industry
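[Horizontal bar chart, axis 0 to 200, two bars per industry: Unique Exploits; Critical and High Unique Exploits.]
Industries, in the order printed: Education; Consumer Products & Services; Financial Services; Healthcare & Life Sciences; Manufacturing; Technology, Media & Telecommunications; Energy & Utilities.
Bar value pairs, in the order printed and not paired with industries: 31 and 37, 73 and 88, 143 and 165, 150 and 181, 54 and 66, 71 and 85, 135 and 159.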
Financial Services
Top 10 Overall Exploits (External and Internal)
381
510 Apache HTTP Server Byte Range DoS | CVE-2011-3192
560
Splunk Enterprise < 6.4.2 or Splunk Light < 6.4.2 Multiple Vulnerabilities | CVE-2013-0211
Adobe Acrobat < 10.0.1 Multiple Vulnerabilities | CVE-2010-4091
MS17-010: Windows SMB Remote Code Execution (EternalBlue) | CVE-2017-0143
MS15-034: Windows HTTP.sys Remote Code Execution Vulnerability (uncredentialed check) | CVE-2015-1635 583
MS13-047: Internet Explorer Memory Corruption Vulnerability | CVE-2013-3110 650
908
1398
HP System Management Homepage < 7.0 Multiple Vulnerabilities | CVE-2009-0037
Windows HTTP.sys Remote Code Execution Vulnerability | CVE-2013-3660
Oracle Java JDK/JRE Remote Code Execution Vulnerability | CVE-2013-0809
302
Oracle Java SE Multiple Vulnerabilities (April 2013 CPU) | CVE-2013-0401
189
175
Top 10 Overall Exploits by Port (External and Internal)
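[Ranked chart, positions 01 to 10.]
Ports, in the order printed: telnet (23), sunrpc (111), ssh (22), netbios-ssn (139), http (80), https (443), microsoft-ds (445), netbios-ns (137), dcom-scm (135), snmp (161).
Counts, in the order printed and not paired with ports: 1211, 1263, 3310, 4261, 6621, 9411, 15840, 463, 435, 417.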
Top 10 Overall Vulnerabilities (External and Internal)
Microsoft Windows Remote Desktop Protocol Server MiTM Weakness 17608
SSL RC4 Cipher Suites Supported 9253
SSH Server CBC Mode Ciphers Enabled 5662
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 5451
Microsoft Windows SMB NULL Session Authentication 3575
HTTP TRACE / TRACK Methods Allowed 2169
SSL Version 2 Protocol Detection 1967
Apache HTTP Server httpOnly Cookie Information Disclosure 1779
RomPager HTTP Referer Header XSS 1705
Microsoft Windows Kernel Win32k.sys PATHRECORD chain Multiple Vulnerabilities 1398
Consumer Products and Services
Top 10 Overall Exploits (External and Internal)
Consumer Products and Services organizations had more MS17-010 exploits identified than other industries.
MS10-096: Windows Address Book Insecure Library Loading Vulnerability | CVE-2010-3147 77
OpenSSL Heartbeat Information Disclosure (Heartbleed) | CVE-2014-0160 87
Apache 2.2 < 2.2.28 Multiple Vulnerabilities | CVE-2013-5704 121
MS17-010: Windows SMB Remote Code Execution (EternalBlue) | CVE-2017-0143 131
OpenSSL AES-NI Padding Oracle MiTM Information Disclosure | CVE-2016-2107 143
Apache HTTP Server Byte Range DoS | CVE-2011-3192 230
HP System Management Homepage < 7.1.1 Multiple Vulnerabilities | CVE-2011-1944 548
MS10-073: Win32k Reference Count Vulnerability | CVE-2010-2549 76
MS11-027: Microsoft Windows 8 Developer Tools Vulnerability | CVE-2010-0811 68
MS11-019: Browser Pool Corruption Vulnerability | CVE-2011-0654 67
Top 10 Overall Exploits by Port (External and Internal)
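[Ranked chart, positions 01 to 10.]
Ports, in the order printed: sunrpc (111), ssh (22), telnet (23), dcom-scm (135), http (80), microsoft-ds (445), https (443), rdp (3389), netbios-ssn (139), netbios-ns (137).
Counts, in the order printed and not paired with ports: 2627, 4824, 8058, 12816, 894, 1015, 1034, 1039, 1767, 1966.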
Top 10 Overall Vulnerabilities (External and Internal)
Microsoft Windows Remote Desktop Protocol Server MiTM Weakness 9342
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 6003
SSL Certificate Signed Using Weak Hashing Algorithm 5461
SSH Server CBC Mode Ciphers Enabled 4008
SSL Version 2 Protocol Detection 1781
Web Server HTTP Header Internal IP Disclosure 1579
Microsoft Windows SMB NULL Session Authentication 1385
HTTP TRACE / TRACK Methods Allowed 948
Apache HTTP Server httpOnly Cookie Information Disclosure 880
SNMP Agent Default Community Name 817
Education
Top 10 Overall Exploits (External and Internal)
MS15-009: Internet Explorer Use-after-free Vulnerability | CVE-2014-8967 6
Web Server Directory Traversal Arbitrary File Access | CVE-2000-0920 6
Apache Struts2 / XWork Remote Code Execution | CVE-2010-1870 8
Microsoft Windows Unquoted Service Path Enumeration | CVE-2013-1609 10
PHP < 5.3.9 Multiple Vulnerabilities | CVE-2011-3379 12
Apache 2.2 < 2.2.28 Multiple Vulnerabilities | CVE-2013-5704 13
Apache HTTP Server Byte Range DoS | CVE-2011-3192 34
MS14-058: Win32k.sys Privilege Escalation Vulnerability | CVE-2014-4113 5
MS14-056: Internet Explorer Elevation of Privilege Vulnerability | CVE-2014-4123 5
Adobe Reader < 10.0.1 Multiple Vulnerabilities | CVE-2010-4091 5
Top 10 Overall Exploits by Port (External and Internal)
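[Ranked chart, positions 01 to 10.]
Ports, in the order printed: ssh (22), telnet (23), dcom-scm (135), https (443), microsoft-ds (445), netbios-ssn (139), http (80), ntp (123), sunrpc (111), netbios-ns (137).
Counts, in the order printed and not paired with ports: 344, 424, 934, 1173, 33, 48, 67, 107, 125, 292.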
Top 10 Overall Vulnerabilities (External and Internal)
SSL RC4 Cipher Suites Supported 948
Microsoft Windows Remote Desktop Protocol Server MiTM Weakness 426
HTTP TRACE / TRACK Methods Allowed 241
Apache HTTP Server httpOnly Cookie Information Disclosure 193
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 163
SSL Version 2 Protocol Detection 107
Microsoft Windows SMB NULL Session Authentication 84
SNMP Agent Default Community Name 61
Web Server Generic XSS 37
Apache HTTP Server Byte Range DoS 34
Energy and Utilities
Top 10 Overall Exploits (External and Internal)
9
11
MS11-004: IIS FTP Service Heap Buffer Overrun Vulnerability | CVE-2010-3972
13 Apache 2.2 < 2.2.28 Multiple Vulnerabilities | CVE-2013-5704
HP LaserJet PJL Interface Directory Traversal | CVE-2010-4107
18
MS15-034: Windows HTTP.sys Remote Code Execution Vulnerability (uncredentialed check) | CVE-2015-1635 18
Apache HTTP Server Byte Range DoS | CVE-2011-3192 27
HP System Management Homepage < 7.1.1 Multiple Vulnerabilities | CVE-2011-1944 104
Web Server Directory Traversal Arbitrary File Access | CVE-2000-0920
MS08-067: Server Service Vulnerability | CVE-2008-4250 8
MS13-037: Internet Explorer Use-after-free Vulnerability | CVE-2013-0811 7
MS12-008: GDI Access Violation Vulnerability | CVE-2011-5046 7
Top 10 Overall Exploits by Port (External and Internal)
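[Ranked chart, positions 01 to 10.]
Ports, in the order printed: ftp (21), ssh (22), http (80), netbios-ns (137), telnet (23), https (443), microsoft-ds (445), netbios-ssn (139), snmp (161), dcom-scm (135).
Counts, in the order printed and not paired with ports: 438, 467, 851, 1944, 59, 105, 119, 126, 177, 221.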
Top 10 Overall Vulnerabilities (External and Internal)
SSL RC4 Cipher Suites Supported 2275
Microsoft Windows Remote Desktop Protocol Server MiTM Weakness 1801
SSH Server CBC Mode Ciphers Enabled 999
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 488
SSL Version 2 Protocol Detection 351
SNMP Agent Default Community Name 332
Microsoft Windows SMB NULL Session Authentication 267
RomPager HTTP Referer Header XSS 199
SSH Protocol Version 1 Session Key Retrieval 181
MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution 148
Healthcare and Life Sciences
Top 10 Overall Exploits (External and Internal)
99
136 MS15-034: Windows HTTP.sys Remote Code Execution Vulnerability | CVE-2015-1635
151
Apache 2.2 < 2.2.22 Multiple Vulnerabilities | CVE-2011-3368
Apache HTTP Server Byte Range DoS | CVE-2011-3192 192
Web Server Directory Traversal Arbitrary File Access | CVE-2000-0920 195
MS17-010: Windows SMB Remote Code Execution (EternalBlue) | CVE-2017-0143 238
HP System Management Homepage < 7.1.1 Multiple Vulnerabilities | CVE-2011-1944 411
Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Marshalled Object Remote Code Execution | CVE-2012-0874
GNU C Library < 2.23 Multiple Vulnerabilities | CVE-2015-7547
96
Microsoft Windows Unquoted Service Path Enumeration | CVE-2013-1609
77 MS08-067: Server Service Vulnerability | CVE-2008-4250
58
Top 10 Overall Exploits by Port (External and Internal)
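[Ranked chart, positions 01 to 10.]
Ports, in the order printed: ftp (21), netbios-ns (137), ssh (22), telnet (23), http (80), https (443), microsoft-ds (445), netbios-ssn (139), sunrpc (111), raw (9100).
Counts, in the order printed and not paired with ports: 974, 1700, 1948, 1966, 2367, 15916, 900, 340, 1421, 314.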
Top 10 Overall Vulnerabilities (External and Internal)
Microsoft Windows Remote Desktop Protocol Server MiTM Weakness 15721
SSL RC4 Cipher Suites Supported 14456
SSH Server CBC Mode Ciphers Enabled 5786
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 3992
Microsoft Windows SMB NULL Session Authentication 3092
Dropbear SSH Server < 2013.59 Multiple Vulnerabilities 1211
MS16-047: Security Update for SAM and LSAD Remote Protocols 936
SNMP Agent Default Community Name 760
SSL Version 2 Protocol Detection 596
Chargen UDP Service Remote DoS 530
Manufacturing
Top 10 Overall Exploits (External and Internal)
MS14-064: Windows OLE Automation Array Remote Code Execution Vulnerability | CVE-2014-6332 57
35 MS08-067: Server Service Vulnerability | CVE-2008-4250
Apache HTTP Server Byte Range DoS | CVE-2011-3192 70
HP System Management Homepage < 7.1.1 Multiple Vulnerabilities | CVE-2011-1944 194
MS15-034: Windows HTTP.sys Remote Code Execution Vulnerability (uncredentialed check) | CVE-2015-1635 344
46 Apache 2.2 < 2.2.28 Multiple Vulnerabilities | CVE-2013-5704
59 Microsoft Windows Unquoted Service Path Enumeration | CVE-2013-1609
MS14-070: TCP/IP Elevation of Privilege Vulnerability | CVE-2014-4076 30
32 Web Server Directory Traversal Arbitrary File Access | CVE-2000-0920
MS14-062: Unvalidated Address in IRP Handler Privilege Elevation Vulnerability | CVE-2014-4971 30
Top 10 Overall Exploits by Port (External and Internal)
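[Ranked chart, positions 01 to 10.]
Ports, in the order printed: ssh (22), h323 (1720), telnet (23), netbios-ssn (139), https (443), microsoft-ds (445), http (80), ftp (21), netbios-ns (137), dcom-scm (135).
Counts, in the order printed and not paired with ports: 1143, 1525, 2406, 3142, 76, 95, 172, 222, 237, 345.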
Top 10 Overall Vulnerabilities (External and Internal)
Microsoft Windows Remote Desktop Protocol Server MiTM Weakness 3192
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 2147
SSL RC4 Cipher Suites Supported 1925
RomPager HTTP Referer Header XSS 1481
SSH Server CBC Mode Ciphers Enabled 1329
Microsoft Windows SMB NULL Session Authentication 1267
MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution 581
SNMP Agent Default Community Name 505
HTTP TRACE / TRACK Methods Allowed 384
MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution 365
Technology, Media and Telecommunications
Top 10 Overall Exploits (External and Internal)
MS14-064: Windows OLE Automation Array Remote Code Execution Vulnerability | CVE-2014-6332 57
35 MS08-067: Server Service Vulnerability | CVE-2008-4250
Apache HTTP Server Byte Range DoS | CVE-2011-3192 70
HP System Management Homepage < 7.1.1 Multiple Vulnerabilities | CVE-2011-1944 194
MS15-034: Windows HTTP.sys Remote Code Execution Vulnerability (uncredentialed check) | CVE-2015-1635 344
46 Apache 2.2 < 2.2.28 Multiple Vulnerabilities | CVE-2013-5704
59 Microsoft Windows Unquoted Service Path Enumeration | CVE-2013-1609
32 Web Server Directory Traversal Arbitrary File Access | CVE-2000-0920
MS14-062: Unvalidated Address in IRP Handler Privilege Elevation Vulnerability | CVE-2014-4971 30
MS14-070: Vulnerability in TCP/IP Elevation of Privilege | CVE-2014-4076 30
Top 10 Overall Exploits by Port (External and Internal)
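[Ranked chart, positions 01 to 10.]
Ports, in the order printed: netbios-ssn (139), finger (79), http (80), ssh (22), https (443), microsoft-ds (445), h323 (1720), telnet (23), ntp (123), netbios-ns (137).
Counts, in the order printed and not paired with ports: 1097, 2787, 2907, 3032, 67, 78, 134, 187, 253, 980.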
Top 10 Overall Vulnerabilities (External and Internal)
SSL RC4 Cipher Suites Supported 4840
Microsoft Windows Remote Desktop Protocol Server MiTM Weakness 1673
SSH Server CBC Mode Ciphers Enabled 1087
SSL Version 2 Protocol Detection 874
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 787
Web Server HTTP Header Internal IP Disclosure 738
Microsoft Windows SMB NULL Session Authentication 496
HTTP TRACE / TRACK Methods Allowed 420
Apache HTTP Server httpOnly Cookie Information Disclosure 226
Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key 208
Key Questions to Consider
Following are some suggested questions that CIOs and
IT leaders should consider, based on the context of and
risks inherent in the entity’s operations:
• Are our systems correctly configured to prevent
hackers from getting in?
• Does our organization have a good handle on its asset
inventory? Specifically, do we know what’s exposed on
the internet and what’s not? Is it protected?
• Are we protected from insider threats?
• Are web applications developed and maintained in a
manner to resist attack?
• Do our employees know how to identify and respond
to attacks?
Final Thoughts
Over the past decade, the cyber threat landscape
clearly has been perilous for organizations and
undoubtedly will remain so in the years ahead. What can
organizations learn from all of this? Perhaps the key
lesson is that any organization most likely has security
vulnerabilities in one or more areas. To understand these
vulnerabilities better, organizations should perform a
comprehensive assessment to identify their security
vulnerabilities and threats. Further, the calls to action
detailed earlier provide a roadmap for organizations to
improve their overall security posture.
ABOUT PROTIVITI
Protiviti is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Protiviti and our independently owned Member Firms provide consulting solutions in finance, technology, operations, data, analytics, governance, risk and internal audit to our clients through our network of more than 70 offices in over 20 countries.
We have served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.
CONTACTS
Kurt Underwood, Managing Director, Global Leader, Technology Consulting Practice, +1.206.262.8389
Scott Laliberte, Managing Director, +1.267.256.8825
Andrew Retrum, Managing Director, +1.312.476.6353
Randy Armknecht, Managing Director, +1.312.476.6428
Michael Walter, Managing Director, +1.303.898.9145
Tom Stewart, Director, +1.312.931.8901
© 2018 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Veterans. PRO-0418-101105 Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.