Malicious hackers exploit known vulnerabilities because organizations are not fast enough to fix – report
Jessica Haworth October 01, 2021 at 13:39 UTC
Updated: October 01, 2021 at 13:47 UTC
Cybercriminals scan Shodan for easy marks
Organizations are urged to be more proactive when it comes to protecting themselves against vulnerabilities, after a report found malicious attackers routinely exploit unpatched systems.
The Trustwave SpiderLabs 2021 telemetry report, released this week, found that a large number of businesses are falling victim to cyber attacks despite having easy access to the right fixes.
This happens because malicious actors use Shodan to find networks exposed to known vulnerabilities and exploit them before the victim can apply the patch.
Researchers at Trustwave SpiderLabs reported that there was a record number (around 18,352) of new security vulnerabilities in 2020, a 6% increase from 2019 and a “staggering” increase of 184.66% from to 2016.
And while some of these flaws were rated as high severity, over 50% of servers were vulnerable to exploitation weeks and even months after a security update was released.
The researchers said this was due to the servers either not getting patched in a timely manner or having an unsupported (and therefore unpatchable) version of the software running.
High level targets
The report assessed a number of high-profile vulnerabilities that emerged in 2021, including the Apache Tomcat HTTP Request Contraband Vulnerability (CVE-2021-33037), several vulnerabilities in VMware vCenter (CVE-2021-21986 and CVE-2021-21985 ), and several vulnerabilities in Microsoft Exchange Server alias ProxyLogon (CVE-2021-26855, CVE-2021-26858, CVE-2021-26857 and CVE-2021-270650).
The team used Shodan to determine how many networks remained open to these security issues, although fixes are widely available.
The results were varied: while only 5.9% of networks were still vulnerable to ProxyLogon, 49% were susceptible to being exploited by VMware vCenter issues, and 54% were vulnerable to the Apache Tomcat HTTP request smuggling bug.
The full report contains more details on the other vulnerabilities investigated.
READ MORE VMware Warning: Several Vulnerabilities in vCenter Server Could Allow Dial-Up Networking
The report reads: “Attackers use Shodan telemetry to gather information about vulnerable instances, sometimes faster than ethical hackers.
“Thus, it is imperative that organizations proactively identify vulnerabilities and remediate them.
“The Shodan telemetry report reviewed some of the high-profile vulnerabilities of 2021 on targets accessible on the internet. As mentioned, our team observed that for the vulnerabilities we examined, at least 3 of them saw more than 50% of instances accessible on the internet were vulnerable.
“Indeed, this was the case weeks and even months after the patch was released. Another key observation has been the high number of end-of-life and general end-of-support software on the Internet.
“Unsupported versions of software do not receive security patches, which greatly increases the risk of exploitation. “
YOU MAY ALSO LIKE OWASP celebrates its 20th anniversary with revised Top 10 for 2021