Print this article

Known Vulnerabilities Pose Biggest Cybersecurity Threat

Editorial Staff

6 March 2023

, a US-based “exposure management” company helping businesses with cybersecurity, has found that the most commonly exploited vulnerabilities were up to five years old.

The firm has issued its annual 2022 Threat Landscape Report. The findings are based on the Tenable Research team’s analysis of cybersecurity events, vulnerabilities, and trends throughout last year. It analyzes 1,335 data breach incidents publicly disclosed between November 2021 and October 2022.

Of the events analyzed, more than 2.29 billion records were exposed, which accounted for 257 terabytes of data. More than 3 per cent of all data breaches identified were caused by unsecured databases, accounting for leaks of over 800 million records.

“The data highlights that long-known vulnerabilities frequently cause more destruction than the shiny new ones,” Bob Huber, chief security officer and head of research, Tenable, said. 

The number one group of most-frequently exploited vulnerabilities represents a large pool of known vulnerabilities, some of which were originally disclosed as far back as 2017. 

The top exploited vulnerabilities within this group include several high-severity flaws in Microsoft Exchange, Zoho ManageEngine products and virtual private network solutions from Fortinet, Citrix and Pulse Secure, the report said.

For the other four most commonly exploited vulnerabilities – including Log4Shell; Follina; an Atlassian Confluence Server and Data Center flaw; and ProxyShell – patches and mitigations were highly publicized and readily available, the report continued.

Four of the first five zero-day vulnerabilities exploited in the wild in 2022 were disclosed to the public on the same day the vendor released patches and actionable mitigation guidance, it said.

“Cyberattackers repeatedly find success exploiting these overlooked vulnerabilities to obtain access to sensitive information,” Huber said. “Numbers like these conclusively demonstrate that reactive post-event cybersecurity measures aren’t effective at mitigating risk. The only way to turn the tide is to shift to preventive security and exposure management.”

In addition to vulnerability and misconfiguration analysis, the report examines prolific attack groups and their tactics. Ransomware remained the most common attack method used in successful breaches. 

The LockBit ransomware group, a known user of double and triple extortion tactics, dominated the ransomware sphere, accounting for 10 per cent of analyzed ransomware incidents, followed by the Hive ransomware group (7.5 per cent), Vice Society (6.3 per cent) and BlackCat/ALPHV (5.1 per cent).