Sponsored by Sumo Logic

2021 Cybersecurity Report IDs Top 15 Vulnerabilities


Many top vulnerabilities are in software libraries that have been used for years. Observability offers a better way (vs. traditional security approaches) to find and protect against them.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released its 2021 report outlining the most exploited vulnerabilities for that year. The findings highlight the need for more proactive, more sophisticated security approaches, including those based on artificial intelligence.

Number one on the list is a vulnerability within the very popular Apache Log4j product. Known as Log4Shell, this vulnerability is most commonly exploited using a specially crafted code string that lets threat actors take over entire systems.


The vulnerability in Apache’s Log4j software library should be a main reason to adopt observability. According to CISA, “Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as well as in operational technology products—to log security and performance information.”


Other notable vulnerabilities include ProxyShell and ProxyLogon, both of which affect Microsoft Exchange Server. Both allow threat actors to escalate privileges and eventually take over mailboxes, files, and other credentialed products.

Some vulnerabilities from 2020, such as ZeroLogon, demonstrate the continued exposure of companies that use products no longer supported by vendors or that fall behind on updates to their systems.

Companies must act proactively to stay ahead of vulnerabilities. The release of proof-of-concept code within two weeks provides a baseline reaction time for companies affected by these attacks. However, CISA recommends comprehensive security protocols such as updating end-of-life software and identity and access management policies. It also recommends segmenting networks to limit the attack surface.

Internet-facing systems are a particular concern

This year’s report found that cyber threat actors routinely targeted internet-facing systems such as email servers or virtual private network (VPN) servers. The rise of remote and distributed workforces should make this a concern for companies and enterprises in the throes of changing how and where their workforce performs company tasks.

For most of the vulnerabilities, threat actors released proof-of-concept code within mere weeks. The quick release of this code provided a broader range of threat actors with the tools they’d need to hit companies again.

Nine of the 15 vulnerabilities are remote code execution vulnerabilities. These flaws allow threat actors to take over systems remotely and then gain access to wide swaths of the network once inside.

Salvatore Salamone

About Salvatore Salamone

Salvatore Salamone is a physicist by training who has been writing about science and information technology for more than 30 years. During that time, he has been a senior or executive editor at many industry-leading publications including High Technology, Network World, Byte Magazine, Data Communications, LAN Times, InternetWeek, Bio-IT World, and Lightwave, The Journal of Fiber Optics. He also is the author of three business technology books.
