In 2021, the number of serious network vulnerabilities dropped almost 10% from the previous year, a new report found.
Sounds good, right? But, across the same period, actual network attacks jumped 15% to reach an all-time high, with Log4Shell ranking as one of the top vulnerabilities exploited.
The report is just the latest look at the continuing cybersecurity ripples that have followed 2020's big shift towards remote work. Some vulnerabilities have been tamped down, but the attacks remain a major concern.
Attacks Are on the Rise
The most recent analysis comes from the 2022 Unit 42 Network Threat Trends report, recently released from American cybersecurity company Palo Alto Networks.
The report breaks down all the tracked vulnerabilities, dubbed Common Vulnerabilities and Exposures or CVEs, by severity. Across 2021, 11,841 network-related CVEs reached medium or higher severity levels, a number that had dropped since 2020, when the shift to remote work opened up 13,123 medium or above vulnerabilities.
Still, the attackers seem to have figured out what works. As the report puts it:
“However, attacks themselves have increased 15% from 2020 to 2021, reaching an all-time high—3X more than what we’ve observed prior to the uptick in remote work due to COVID-19. Fewer CVEs with a greater number of attacks in 2021 heightens the need for patching and virtual patching.”
Pre-Covid attack numbers were even lower: It's not an exaggeration to say threats have tripled over the last few years.
Log4Shell Was the Worst Vulnerability of 2021
There's a reason why researchers have called Log4Shell “a design failure of catastrophic proportions.”
According to the new report, over 11 million (and rising) active Log4Shell exploitation attempts have been tracked since the issue became publicly known. From the report:
“Log4Shell also caused observed cases of critical severity exploits in the wild to triple in December compared to the previous month.”
Other big CVEs worth mentioning include the notoriously vulnerable Internet of Things as well as older flaws that have been known for years.
The main gist of the report seems to be the need for IT pros to focus on patching up existing issues: Since the total number of vulnerabilities is on the decline, the rising number of attacks are coming more and more often from well-known bugs that simply haven't been patched by enough users.
Working Remote and Staying Safe
The internet connects us all, and that's a double-edged sword. It's great for workers who need the increased flexibility, but it also lets bad actors reach a larger group of potential victims. Businesses can best respond by working to identify and patch the biggest vulnerabilities existing in their networks today.
With enough effort from all, vulnerabilities will continue to drop, and patches can reduce the soaring number of attacks in the coming years.
In the meantime, keep your employees in the loop with the latest security tech. Password managers are likely the most useful in reducing human error, although remote work software and top-quality VPNs are also useful tools.