X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021


From 2020 to 2021, there was a 33% increase in the number of reported incidents caused by vulnerability exploitation, according to the 2022 X-Force Threat Intelligence Index. A large percentage of these exploited vulnerabilities were newly discovered; in fact, four out of the top five vulnerabilities in 2021 were newer vulnerabilities. Vulnerability exploitation was the second most common initial infection vector observed by IBM Security X-Force in 2021, falling closely behind phishing. Cybercriminals are finding new ways of bypassing security defenses by identifying weaknesses in network environments or common vulnerabilities and exposures (CVEs) that can be exploited to their benefit, but to the detriment of a vulnerable organization.


This blog takes a look at the most exploited vulnerabilities of 2021 and provides recommendations for organizations to bolster their patch management program to help mitigate the risk of exploitation in 2022.


The Cybersecurity Vulnerabilities Landscape


One of the most notable and recent CVEs of 2021 was CVE-2021-44228, also known as Log4j or Log4Shell. Despite only having been publicly disclosed in December, in less than a month the Log4j vulnerability was the second most exploited vulnerability among the top 10 CVEs of 2021.


As previously stated, four out of the top five most exploited vulnerabilities in 2021 were newly identified. By comparison, in 2020 that number was just two out of the 10. This trend indicates a clear increase in the volume of exploited vulnerabilities that were previously unknown, signifying that the overall attack surface is expanding rapidly.


According to internal data from X-Force, there were 20,790 new vulnerabilities identified in 2021, surpassing the previous record of 19,242 in 2020. Note that ..