19 June 2023
76% of vulnerabilities exploited in 2022 were up to 13 years old
Software updates are a fundamental defense against cyberattacks, as they include patches that fix system vulnerabilities. However, the inconvenience of restarting computers and servers for installation often leads users to postpone updates, ignoring recommended patches that could prevent security issues like identity theft.
Why should we be concerned about software vulnerabilities in 2023?
Recent data from an Ivanti study reveals that ransomware groups exploited a total of 244 unique vulnerabilities in attacks last year, marking a 19% increase compared to 2021. Shockingly, 76% of these vulnerabilities were initially identified between 2010 and 2019 and continue to be exploited, despite patches being available.
Those who have been lucky enough to avoid issues despite neglecting updates may have a false sense of security. The cyberattack on the Italian energy company Acea in February of this year serves as a stark reminder. The ransomware group known as BlackBasta gained access to Acea's systems by exploiting a vulnerability in ESXi servers that had been known since 2021 but had not been patched in this case. Though the attack did not impact essential services, it partially affected internal IT services and access to the company's website.
IBM's annual X-Force Threat Intelligence Index 2023 supports the concern, finding that 26% of reported cyberattacks in 2022 resulted from the exploitation of known vulnerabilities. This figure highlights the significant impact of this attack vector as an entry route for threat actors: it ranks second among the main infection vectors and has remained a preferred method of compromise since 2019.
Recommendation
Software updates are the first step in cybersecurity. Continuously emerging vulnerabilities necessitate keeping software up to date, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To ensure up-to-date software, CISA recommends:
1. Enabling automatic software updates whenever possible for quick installation.
2. Avoiding the use of obsolete (EOL) and unsupported software.
3. Visiting vendor sites directly and refraining from clicking on advertisements or email links.
4. Avoiding software updates when connected to untrustworthy networks.
Filling the gaps at the endpoint is crucial. Apart from CISA's recommendations, organizations have a responsibility to monitor and mitigate known vulnerabilities that are repeatedly exploited to gain network access. These vulnerabilities pose a greater and more realistic risk than other types of threats. Additionally, the resurgence of old vulnerabilities through ransomware poses a challenge since many Common Vulnerability Scoring System (CVSS) scores do not account for situations where seemingly low-severity vulnerabilities are exploited years later.
Leveraging tools like WatchGuard Patch Management can significantly enhance system protection by keeping systems up to date and safeguarded with available patches. This solution, in conjunction with WatchGuard's endpoint security solutions, helps defend against cybercriminals. Maintaining awareness of vendor-released updates can be challenging and prone to errors, but having a database that allows for comparison of installed patches on network endpoints can shield systems and prevent malware attacks on vulnerable workstations and servers.
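The two ideas above, comparing each endpoint's installed patches against a patch database and ranking the gaps by known exploitation rather than CVSS alone, can be sketched as follows. This is an added example, not code from the article or from any vendor product; the host names, patch IDs, vulnerability placeholders, scores and the known-exploited set are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Patch:
    patch_id: str    # constructed identifier
    vuln_id: str     # placeholder, not a real CVE number
    published: date  # constructed disclosure date of the vulnerability
    cvss: float      # constructed base score

# Constructed patch database: every patch the organization should have applied.
PATCH_DB = [
    Patch("PATCH-001", "VULN-PLACEHOLDER-A", date(2012, 5, 1), 4.3),
    Patch("PATCH-002", "VULN-PLACEHOLDER-B", date(2021, 2, 23), 8.8),
    Patch("PATCH-003", "VULN-PLACEHOLDER-C", date(2022, 11, 8), 9.8),
    Patch("PATCH-004", "VULN-PLACEHOLDER-D", date(2019, 7, 9), 5.0),
]
# Constructed set of vulnerabilities observed in real attacks.
KNOWN_EXPLOITED = {"VULN-PLACEHOLDER-A", "VULN-PLACEHOLDER-B"}
# Constructed endpoint inventory: host -> patch IDs already installed.
INSTALLED = {
    "ws-014": {"PATCH-002", "PATCH-003"},
    "srv-02": {"PATCH-001", "PATCH-004"},
    "ws-201": {"PATCH-001", "PATCH-002", "PATCH-003", "PATCH-004"},
}

def missing_patches(installed, patch_db):
    """Compare each host's installed set with the database; return its gaps."""
    return {host: [p for p in patch_db if p.patch_id not in have]
            for host, have in installed.items()}

def rank_by_cvss(patches):
    """Severity-only ordering: highest CVSS first."""
    return sorted(patches, key=lambda p: -p.cvss)

def rank_exploited_first(patches, known_exploited):
    """Known-exploited gaps first, then higher CVSS, then older disclosure."""
    return sorted(patches, key=lambda p: (p.vuln_id not in known_exploited,
                                          -p.cvss, p.published))

def report(installed, patch_db, known_exploited):
    """Per-host list of missing patch IDs in remediation order."""
    return {host: [p.patch_id for p in rank_exploited_first(gaps, known_exploited)]
            for host, gaps in missing_patches(installed, patch_db).items()}

if __name__ == "__main__":
    for host, order in report(INSTALLED, PATCH_DB, KNOWN_EXPLOITED).items():
        print(host, order or "up to date")
```

On `ws-014`, severity-only ranking puts the 5.0-scored gap ahead of the 4.3-scored one disclosed in 2012, while the exploited-first ranking reverses that order because only the older one is in the known-exploited set.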