Security analysts at Skybox Security uncovered a 42% increase in new ransomware programs targeting known vulnerabilities last year, including critical vulnerabilities discovered in Log4j and Exchange Server.
The San Jose, Calif. cybersecurity company’s 2022 Vulnerability and Trends Report, released this week, details how quickly hackers capitalize on new security bugs and continue to reduce the amount of time that organizations have to remediate vulnerabilities ahead of attacks.
According to Skybox Research Lab, the company’s threat intelligence division, there were 20,175 new vulnerabilities published in 2021, which is up significantly from 18,341 published in 2020 and the most ever reported in a single year.
In addition, that increase in new vulnerabilities is the largest year-over-year increase since 2018.
The company listed 10 vulnerabilities disclosed in 2021 and the number of malware programs targeting them, with the Log4j remote code execution vulnerability, dubbed Log4Shell, top among them with 15 malware programs targeting the bug.
Seven of the listed bugs are Microsoft Exchange Server issues, including code execution, elevation of privilege, arbitrary file write flaws and more.
The other two vulnerabilities are remote code execution flaws in Pulse Connect Secure and Atlassian Confluence.
Those 10 bugs, ranked in order, include:
- CVE-2021-44228 – Apache Log4j Critical Remote Code Execution Vulnerability (Log4Shell)
- CVE-2021-26855 – Microsoft Exchange Server Remote SSRF Vulnerability
- CVE-2021-27065 – Microsoft Exchange Server Remote Arbitrary File Write Vulnerability
- CVE-2021-26857 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-26858 – Microsoft Exchange Server Remote Arbitrary File Write Vulnerability
- CVE-2021-34523 – Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-22893 – Pulse Connect Secure Remote Code Execution Vulnerability
- CVE-2021-26084 – Atlassian Confluence Remote Code Execution Vulnerability (Confluenza)
- CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability
The company’s report also found that crypto hacking and ransomware programs are leading the charge, with increases of 75% and 42%, respectively, as cybercriminals continue to conduct attacks designed to turn a quick profit.
“Both cases illustrate how the malware industry is getting better at leveraging emerging business opportunities, providing a range of tools and services used by seasoned cybercriminals and inexperienced newbies alike,” the report says.
The company’s research indicates that malware developers are moving quickly to target newly disclosed vulnerabilities.
Skybox Security’s report also details just how quickly attackers exploit vulnerabilities and how much faster they are at developing attacks to exploit them. According to the report, 168 bugs published in 2021 were exploited within in the year, a 24% increase from 2020. That puts security teams in a squeeze as they have a limited amount of time to remediate the bugs once they are published.
The company urges organizations to take a different approach to vulnerability risk rather than just relying on the CVSS score, including advanced risk scoring. That means grading security bug risk based on four factors:
- Measured CVSS severity
- Likelihood of exploitation
- Exposure level based on security controls and configurations in place on the network
- Importance of the asset
The company also advises companies to take a holistic discovery approach to vulnerabilities, more precisely prioritize patches, conduct targeted mitigation and remediation and automate security functions to keep oversight ongoing.