• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, Network Security, News

ProxyShell, Log4Shell Among Most Exploited Security Bugs

New cybersecurity trends report from Palo Alto Networks finds that attackers are quickly exploiting new vulnerabilities.

July 27, 2022 Zachary Comeau Leave a Comment

Palo Alto Networks Prisma SASE Accenture
stock.adobe.com/Sundry Photography

Updating systems and patching security vulnerabilities has always been a key part of the job for any IT or security professional, but a new report from cybersecurity giant Palo Alto Networks sheds new light on just how quickly threat actors are leveraging new vulnerabilities.

The Santa Clara, Calif.-based security software provider’s Unit 42 Incident Response Report, an analysis of more than 600 incident response cases conducted over the past year found that software vulnerabilities were the initial access vector in 31% of cases, with phishing attacks remaining the top vector at 37% of cases.

Popular vulnerabilities leveraged

In cases where software vulnerabilities were exploited, ProxyShell—a chain of three vulnerabilities in Microsoft Exchange Server—was the most common vulnerability exploited by attackers in cases analyzed by Unit 42. The three bugs making up the ProxyShell exploit,  CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207, were responsible for 55% of cases where vulnerabilities were leveraged.

Meanwhile, Log4Shell, the critical remote code execution flaw found in the popular Java logging tool Log4j late last year, was leveraged in 14% of such cases. Palo Alto notes in its report that by February 2, its researchers saw nearly 126 million hits triggering the Threat Prevention signature meant to protect against the exploit. Although just 14%, Palo Alto notes that the bug was public for just a few months of the time period studied in the report.

Attackers quick to exploit new bugs

That quick action by threat actors was also detailed in the report, with the company reporting a rise in exploits of new vulnerabilities and a quicker time-to-exploit once a bug is published. According to Palo Alto Networks, exploitation can sometimes coincide with the disclosure.

One vulnerability discovered by the company had 2,552 hits just 10 hours after publishing due to vulnerability scanning and active exploitation attempts, according to the report.

However, attackers start scanning for vulnerabilities with 15 minutes of a CVE being published, which places more emphasis on the need to immediately apply critical security updates when they become available.

Ransomware payouts, most attacked industries

Other key trends covered in the report include new findings on ransomware. According to the report, the median dwell time ransomware attackers spend in an environment before being detected was 28 days. Ransom demands also continue to rise, hitting an average of nearly $1 million, and some reported payouts as high as $8 million.

The report also highlights the most attacked industries observed in cases Palo Alto Networks has worked, with finance, professional and legal services, manufacturing, healthcare, high tech, wholesale and retail making up 63% of the company’s cases.

Read the company’s report for more information.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Cybersecurity, Palo Alto Networks, phishing, ransomware, Vulnerabilities

Related Content:

  • Cloud, SASE, Aryaka How the Cloud is Redefining Media Production and…
  • Singlewire Software mass notification interview Singlewire Software on Mass Notification Solutions
  • URI catchbox 1 Catchbox Plus: The Mic Solution That Finally Gave…
  • Engaging virtual meeting with diverse participants discussing creative ideas in a bright office space during daylight hours Diversified Survey: Workplace AV Tech is Falling Short,…

Free downloadable guide you may like:

  • Practical Design Guide for Office SpacesPractical Design Guide for Office Spaces

    Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-face time with co-workers. When designing the office spaces — and meeting spaces in particular — enabling that connection between co-workers is crucial. But introducing the right collaboration technology in meeting spaces can […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.