Surveys
Known Vulnerabilities Pose Biggest Cybersecurity Threat
Long-known vulnerabilities cause more trouble for firms than new ones, so a study of the sector shows.
Tenable, a US-based
“exposure management” company helping businesses with
cybersecurity, has found that the most commonly exploited
vulnerabilities were up to five years old.
The firm has issued its annual 2022 Threat Landscape
Report. The findings are based on the Tenable Research
team’s analysis of cybersecurity events, vulnerabilities, and
trends throughout last year. It analyzes 1,335 data breach
incidents publicly disclosed between November 2021 and October
2022.
Of the events analyzed, more than 2.29 billion records were
exposed, which accounted for 257 terabytes of data. More than 3
per cent of all data breaches identified were caused by unsecured
databases, accounting for leaks of over 800 million records.
“The data highlights that long-known vulnerabilities frequently
cause more destruction than the shiny new ones,” Bob Huber, chief
security officer and head of research, Tenable, said.
The number one group of most-frequently exploited vulnerabilities
represents a large pool of known vulnerabilities, some of which
were originally disclosed as far back as 2017.
The top exploited vulnerabilities within this group include
several high-severity flaws in Microsoft Exchange, Zoho
ManageEngine products and virtual private network solutions from
Fortinet, Citrix and Pulse Secure, the report said.
For the other four most commonly exploited vulnerabilities
– including Log4Shell; Follina; an Atlassian Confluence
Server and Data Center flaw; and ProxyShell – patches and
mitigations were highly publicized and readily available, the
report continued.
Four of the first five zero-day vulnerabilities exploited in the
wild in 2022 were disclosed to the public on the same day the
vendor released patches and actionable mitigation guidance, it
said.
“Cyberattackers repeatedly find success exploiting these
overlooked vulnerabilities to obtain access to sensitive
information,” Huber said. “Numbers like these conclusively
demonstrate that reactive post-event cybersecurity measures
aren’t effective at mitigating risk. The only way to turn the
tide is to shift to preventive security and exposure management.”
In addition to vulnerability and misconfiguration analysis, the
report examines prolific attack groups and their tactics.
Ransomware remained the most common attack method used in
successful breaches.
The LockBit ransomware group, a known user of double and triple
extortion tactics, dominated the ransomware sphere, accounting
for 10 per cent of analyzed ransomware incidents, followed by the
Hive ransomware group (7.5 per cent), Vice Society (6.3 per cent)
and BlackCat/ALPHV (5.1 per cent).