Known vulnerabilities for which patches have already been made available are the primary vehicle for cyber attacks.
The latest Threat Landscape Report from Tenable reveals that the most commonly exploited vulnerabilities were up to five years old.
The Tenable Threat Landscape Report categorises important vulnerability data and analyses attacker behaviour to help organisations inform their security programs and prioritise security efforts to focus on areas of greatest risk and disrupt attack paths, ultimately reducing exposure to cyber incidents. Of the events analysed, more than 2.29 billion records were exposed, which accounted for 257 Terabytes of data. More than three per cent of all data breaches identified were caused by unsecured databases, accounting for leaks of over 800 million records.
Threat actors continue to find success with known and proven exploitable vulnerabilities that organizations have failed to patch or remediate successfully. According to the Tenable report, the number one group of most-frequently exploited vulnerabilities represents a large pool of known vulnerabilities, some of which were originally disclosed as far back as 2017. Organizations that failed to apply vendor patches for these vulnerabilities were at increased risk of attacks throughout 2022.
The top exploited vulnerabilities within this group include several high-severity flaws in Microsoft Exchange, Zoho ManageEngine products and virtual private network solutions from Fortinet, Citrix and Pulse Secure. For the other four most commonly exploited vulnerabilities – including Log4Shell; Follina; an Atlassian Confluence Server and Data Center flaw; and ProxyShell – patches and mitigations were highly publicized and readily available. In fact, four of the first five zero-day vulnerabilities exploited in the wild in 2022 were disclosed to the public on the same day the vendor released patches and actionable mitigation guidance.
“The data highlights that long-known vulnerabilities frequently cause more destruction than the shiny new ones,” said Bob Huber, chief security officer and head of research, Tenable. “Cyberattackers repeatedly find success exploiting these overlooked vulnerabilities to obtain access to sensitive information. Numbers like these conclusively demonstrate that reactive post-event cybersecurity measures aren’t effective at mitigating risk. The only way to turn the tide is to shift to preventive security and exposure management.”
While adopting a cloud-first posture enables businesses to grow and scale, it also introduces new forms of risk, as silent patches and security hardening are often completed by cloud service providers (CSPs) without any notice. Vulnerabilities impacting CSPs are not reported in a security advisory, assigned a CVE identifier or mentioned in release notes. This lack of transparency makes it challenging for security teams to accurately assess risk and report to stakeholders.
In addition to vulnerability and mis-configuration analysis, the report examines prolific attack groups and their tactics. Ransomware remained the most common attack method used in successful breaches. Previous Tenable Research on the ransomware ecosystem found that the multi-million dollar ransomware ecosystem is fueled by double extortion and ransomware-as-a-service models, which make it easier than ever for cybercriminals who lack technical skills to commoditsed ransomware.
The LockBit ransomware group, a known user of double and triple extortion tactics, dominated the ransomware sphere, accounting for ten per cent of analysed ransomware incidents, followed by the Hive ransomware group (7.5 per cent), Vice Society (6.3 per cent) and BlackCat/ALPHV (5.1 per cent).