After a report found that attackers often exploit unpatched systems, organizations are being urged to be more proactive when it comes to protecting against vulnerabilities.
The Trustwave SpiderLabs Telemetry Report for 2021, published this week, found that despite having fast access to appropriate fixes, a large number of organizations are falling victim to cyberattacks.
This is due to threat actors scanning networks for known vulnerabilities using Shodan and exploiting them before the victim can deploy the patch.
According to Trustwave SpiderLabs researchers, there were a record-breaking number of new security vulnerabilities in 2020 (approximately 18,352), a 6 percent increase from 2019 and a “staggering” 184.66 percent increase from 2016.
While several of these security vulnerabilities were classified as high severity, more than 50 percent of the servers remained vulnerable to exploitation weeks and even months after a security update was released.
The reason for this, according to researchers, is that the servers were either not patched in a timely manner or were running an unsupported (and thus unpatched) version of the software.
The Apache Tomcat HTTP request smuggling vulnerability (CVE-2021-33037), multiple vulnerabilities in VMware vCenter (CVE-2021-21986 and CVE-2021-21985), and multiple vulnerabilities in Microsoft Exchange Server known collectively as ProxyLogon (CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065) were all assessed in the report.
Although security updates for all of these flaws were publicly available, the team used Shodan to measure how many Internet-exposed instances were still vulnerable to them.
While just 5.9 percent of networks were still exposed to ProxyLogon, 49 percent were vulnerable to the flaws in VMware vCenter, and 54 percent were vulnerable to the Apache Tomcat HTTP request smuggling bug.
The report reads: “Attackers are leveraging telemetry from Shodan to gather information about vulnerable instances, sometimes faster than ethical hackers.”
“Thus, it is imperative that organizations proactively identify vulnerabilities and patch them.”
“The Shodan telemetry report reviewed some of 2021’s high-profile vulnerabilities on targets accessible on the Internet. As mentioned, our team observed that, for at least 3 of the vulnerabilities reviewed, over 50% of instances accessible over the Internet were vulnerable.”
“Indeed, this was the case weeks and even months after patch release. Another key observation saw high numbers of end-of-life and end of general support software on the Internet.”
“Unsupported versions of software do not receive security patches, greatly increasing the risk of exploitation.”