Palo Alto’s latest reporting indicates that the most exploited network access vulnerabilities in the first half of 2022 were those in the exploit chain named “ProxyShell”, which accounts for a staggering 55% of the total verified exploitation incidents. The ProxyShell attack is an exploitation chain of three vulnerabilities, tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. Second place goes to Log4Shell, with 14% of verified incidents attributable to that ingress vector, followed by various SonicWall CVEs, which accounted for 7%. “Dishonorable mentions” include ProxyLogon, with 5% of incidents attributable to its exploitation, and the RCE in Zoho ManageEngine ADSelfService Plus, which trails at 3% of the cases.
Palo Alto Unit 42 - Most Exploited Flaws in 2022 H1
These statistics demonstrate that the overwhelming majority of the exploitation volume is attributable to somewhat older vulnerabilities rather than the latest zero-day vulnerabilities. This is likely because more recently disclosed flaws require more complex exploit design, combined with the relative number of possible targets that have those vulnerabilities, rather than because crafting exploits is particularly difficult in general, as attackers have been seen to rapidly create complex exploits for more commonly used software or software used by higher-value targets.
According to the research, roughly one-third of all initial network breaches over the period reviewed occurred through exploitation of software vulnerabilities, making software exploitation a very significant avenue for threat actors. At 37% of the cases, phishing only slightly edged out software vulnerability exploitation as the primary method for attackers to gain a foothold in target networks. Brute-forcing and using compromised credentials account for only 15% of the total cases.
Palo Alto Unit 42 - Initial Access Vectors in 2022 H1
Organizations should take note of these numbers when performing their risk assessments and planning how to allocate their security measures. Such activities are best managed through a robust security program. Webcheck Security’s expert security consultants specialize in helping organizations like yours implement size-appropriate security programs and improve the operation of existing programs. Reach out to Webcheck today to discuss how we can best help you meet your security objectives.