Scans for vulnerable PCs start 15 minutes after a vulnerability is discovered

According to a recent report on IT security incidents, the cat-and-mouse game between admins and cybercriminals is intensifying.

Security researchers from Unit 42 at the IT security company Palo Alto Networks warn that attackers keep a constant eye on newly disclosed vulnerabilities and that attacks are being carried out faster and faster. Admins can hardly keep up with patching.

In their “Incident Response Report 2022”, they also show, among other things, which routes attackers most often use to slip into company networks and which vulnerabilities have been particularly popular in recent months.

The security researchers state that cyber criminals constantly monitor portals that announce security vulnerabilities. Each vulnerability is assigned a CVE number by which it can be identified. According to the researchers, when a new number appears, the first scans for unpatched and therefore vulnerable systems typically start after 15 minutes.

As an example, they take a “critical” vulnerability (CVE-2022-1388) in BIG-IP systems from F5. In this case, 2552 scans and exploit attempts are said to have occurred within ten hours of the vulnerability becoming known.

The researchers also warn against the use of end-of-life (EoL) software that no longer receives support in the form of security updates. They write that 32 percent of vulnerable organizations are using an outdated and vulnerable version of the Apache Web Server.

To gain a foothold in corporate networks, attackers use phishing 37 percent of the time. For example, they can obtain employees' credentials via fake emails. In 31 percent of cases, unauthorized access is achieved by successfully exploiting security vulnerabilities, the researchers explain.

According to them, the ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) in Exchange Server have been exploited the most in 2022 at 55 percent. The “critical” vulnerabilities in the Java logging library Log4j follow with 14 percent.

Companies should take these numbers seriously and think about expanding their security department, including patch management. Basically, it is often only a matter of time before an IT security incident occurs in a company.