• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
Compliance, IT Infrastructure, Network Security, News

Malware Developers Are Targeting These 10 2021 Security Bugs

Research from Skybox Security finds that security 2021 bugs in Log4j and Exchange Server are the most targeted by malware developers.

April 13, 2022 Zachary Comeau Leave a Comment

Log4j, Older Vulnerabilities, CISA KEV
stock.adobe.com/Andreas Prott

Security analysts at Skybox Security uncovered a 42% increase in new ransomware programs targeting known vulnerabilities last year, including critical vulnerabilities discovered in Log4j and Exchange Server.

The San Jose, Calif. cybersecurity company’s 2022 Vulnerability and Trends Report, released this week, details how quickly hackers capitalize on new security bugs and continue to reduce the amount of time that organizations have to remediate vulnerabilities ahead of attacks.

According to Skybox Research Lab, the company’s threat intelligence division, there were 20,175 new vulnerabilities published in 2021, which is up significantly from 18,341 published in 2020 and the most ever reported in a single year.

In addition, that increase in new vulnerabilities is the largest year-over-year increase since 2018.

The company listed 10 vulnerabilities disclosed in 2021 and the number of malware programs targeting them, with the Log4j remote code execution vulnerability, dubbed Log4Shell, top among them with 15 malware programs targeting the bug.

Seven of the listed bugs are Microsoft Exchange Server issues, including code execution, elevation of privilege, arbitrary file write flaws and more.

The other two vulnerabilities are remote code execution flaws in Pulse Connect Secure and Atlassian Confluence.

Those 10 bugs, ranked in order, include:

  • CVE-2021-44228 – Apache Log4j Critical Remote Code Execution Vulnerability (Log4Shell)
  • CVE-2021-26855 – Microsoft Exchange Server Remote SSRF Vulnerability
  • CVE-2021-27065 – Microsoft Exchange Server Remote Arbitrary File Write Vulnerability
  • CVE-2021-26857 – Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-26858 – Microsoft Exchange Server Remote Arbitrary File Write Vulnerability
  • CVE-2021-34523 – Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-22893 – Pulse Connect Secure Remote Code Execution Vulnerability
  • CVE-2021-26084 – Atlassian Confluence Remote Code Execution Vulnerability (Confluenza)
  • CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability

The company’s report also found that crypto hacking and ransomware programs are leading the charge, with increases of 75% and 42%, respectively, as cybercriminals continue to conduct attacks designed to turn a quick profit.

“Both cases illustrate how the malware industry is getting better at leveraging emerging business opportunities, providing a range of tools and services used by seasoned cybercriminals and inexperienced newbies alike,” the report says.

The company’s research indicates that malware developers are moving quickly to target newly disclosed vulnerabilities.

Skybox Security’s report also details just how quickly attackers exploit vulnerabilities and how much faster they are at developing attacks to exploit them. According to the report, 168 bugs published in 2021 were exploited within in the year, a 24% increase from 2020. That puts security teams in a squeeze as they have a limited amount of time to remediate the bugs once they are published.

The company urges organizations to take a different approach to vulnerability risk rather than just relying on the CVSS score, including advanced risk scoring. That means grading security bug risk based on four factors:

  • Measured CVSS severity
  • Likelihood of exploitation
  • Exposure level based on security controls and configurations in place on the network
  • Importance of the asset

The company also advises companies to take a holistic discovery approach to vulnerabilities, more precisely prioritize patches, conduct targeted mitigation and remediation and automate security functions to keep oversight ongoing.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Malware, Patch management, Skybox Security, Vulnerabilities

Related Content:

  • Cloud, SASE, Aryaka How the Cloud is Redefining Media Production and…
  • Singlewire Software mass notification interview Singlewire Software on Mass Notification Solutions
  • URI catchbox 1 Catchbox Plus: The Mic Solution That Finally Gave…
  • Engaging virtual meeting with diverse participants discussing creative ideas in a bright office space during daylight hours Diversified Survey: Workplace AV Tech is Falling Short,…

Free downloadable guide you may like:

  • Practical Design Guide for Office SpacesPractical Design Guide for Office Spaces

    Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-face time with co-workers. When designing the office spaces — and meeting spaces in particular — enabling that connection between co-workers is crucial. But introducing the right collaboration technology in meeting spaces can […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.