Attackers never let a critical vulnerability go to waste

GreyNoise Intelligence unveiled its research report that dives deep into the most significant threat detection events of the past 12 months.

“When it comes to cybersecurity, not all vulnerabilities are created equal, and many of the ones that garner media attention actually turn out to be insignificant,” said Bob Rudis, VP Research & Data Science, GreyNoise Intelligence.

GreyNoise added over 230 new detection tags in 2022, representing an increase of approximately 38% from 2021. For its 2022 report, researchers provide insights into:

• The celebrity vulnerability hype cycle, with a breakdown of the CVE-2022-1388, an F5 Big-IP iControl REST Authentication Bypass
• How hard attackers will work to never let a critical vulnerability go to waste by looking at the depth and breadth of CVE-2022-26134, a critical weakness in Atlassian Confluence
• The impact of the CISA Known Exploited Vulnerabilities catalog releases on defenders

In addition to insights about the most significant threat detection events of 2022, the report offers predictions for 2023 from GreyNoise VP Data Science Bob Rudis:

Expect daily, persistent internet-facing exploit attempts

“We see Log4j attack payloads every day. It’s part of the new ‘background noise’ of the internet, and the exploit code has been baked into numerous kits used by adversaries of every level. It’s very low risk for attackers to look for newly-exposed or re-exposed hosts, with the weakness unpatched or unmitigated. This means organizations must continue to be deliberate and diligent when placing services on the internet,” said Rudis.

Expect more post-initial access internal attacks

“CISA’s database of software affected by the Log4j weakness stopped receiving regular updates earlier this year. The last update showed either ‘Unknown’ or ‘Affected’ status for ~35% (~1,550) of products cataloged. Attackers know that existing products have embedded Log4j weaknesses, and have already used the exploit in ransomware campaigns. If you have not yet dealt with your internal Log4j patching, early 2023 would be a good time to do so,” added Rudis.

Expect headline-grabbing Log4j-centric attacks

“Organizations have to strive for perfection, while attackers need only persistence and luck to find that one device or service that is still exposing a weakness. We will see more organizations impacted by this, and it is vital you do what you can to ensure yours isn’t one of them,” concluded Rudis.