2021 Saw More Network Attacks Than Ever Despite Fewer Vulnerabilities

Log4Shell is the worst vulnerability, a new report says, with over 11 million active exploitation attempts tracked.
Adam Rowe

In 2021, the number of serious network vulnerabilities dropped almost 10% from the previous year, a new report found.

Sounds good, right? But, across the same period, actual network attacks jumped 15% to reach an all-time high, with Log4Shell ranking as one of the top vulnerabilities exploited.

The report is just the latest look at the continuing cybersecurity ripples that have followed 2020's big shift towards remote work. Some vulnerabilities have been tamped down, but the attacks remain a major concern.

Attacks Are on the Rise

The most recent analysis comes from the 2022 Unit 42 Network Threat Trends report, recently released from American cybersecurity company Palo Alto Networks.

The report breaks down all the tracked vulnerabilities, dubbed Common Vulnerabilities and Exposures or CVEs, by severity. Across 2021, 11,841 network-related CVEs reached medium or higher severity levels, a number that had dropped since 2020, when the shift to remote work opened up 13,123 medium or above vulnerabilities.

Still, the attackers seem to have figured out what works. As the report puts it:

“However, attacks themselves have increased 15% from 2020 to 2021, reaching an all-time high—3X more than what we’ve observed prior to the uptick in remote work due to COVID-19. Fewer CVEs with a greater number of attacks in 2021 heightens the need for patching and virtual patching.”

Pre-Covid attack numbers were even lower: It's not an exaggeration to say threats have tripled over the last few years.

Log4Shell Was the Worst Vulnerability of 2021

There's a reason why researchers have called Log4Shell “a design failure of catastrophic proportions.”

According to the new report, over 11 million (and rising) active Log4Shell exploitation attempts have been tracked since the issue became publicly known. From the report:

“Log4Shell also caused observed cases of critical severity exploits in the wild to triple in December compared to the previous month.”

Other big CVEs worth mentioning include the notoriously vulnerable Internet of Things as well as older flaws that have been known for years.

The main gist of the report seems to be the need for IT pros to focus on patching up existing issues: Since the total number of vulnerabilities is on the decline, the rising number of attacks are coming more and more often from well-known bugs that simply haven't been patched by enough users.

Working Remote and Staying Safe

The internet connects us all, and that's a double-edged sword. It's great for workers who need the increased flexibility, but it also lets bad actors reach a larger group of potential victims. Businesses can best respond by working to identify and patch the biggest vulnerabilities existing in their networks today.

With enough effort from all, vulnerabilities will continue to drop, and patches can reduce the soaring number of attacks in the coming years.

In the meantime, keep your employees in the loop with the latest security tech. Password managers are likely the most useful in reducing human error, although remote work software and top-quality VPNs are also useful tools.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He's also a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and he has an art history book on 1970s sci-fi coming out from Abrams Books in 2022. In the meantime, he's hunting own the latest news on VPNs, POS systems, and the future of tech.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals