- The number of network-related CVEs considered medium severity and above declined almost 10% last year, according to Palo Alto Networks’ Unit 42 Network Threat Trends report. In 2021, the industry recorded 11,841 such CVEs, down from 13,123 in 2020.
- However, the amount of attacks targeting network-related CVEs observed during 2021 jumped 15% to 262 million, reflecting an all-time high and triple the number of attacks that occurred prior to the COVID-19 crisis.
- Log4Shell vulnerabilities (CVE-2021-44228 and CVE-2021-45046) were the most-exploited CVEs in 2021, surpassing 11 million attack sessions observed in the final weeks of the year. This underscores the ease of exploitation and widespread impact the Apache Log4j vulnerabilities had on enterprise network security, the report said.
Organizations should take no comfort in the drop of higher-impact vulnerabilities last year, as Unit 42’s report shows a corresponding increase in the number of attacks. The imbalance highlights a persistent need for patching.
While Log4j vulnerabilities quickly became the most-exploited attack vector in late 2021, it accounted for about 4% of the total attack sessions observed by Unit 42.
More than 6 million attacks were observed against a PHPUnit remote code execution vulnerability (CVE-2017-9841) dating back to 2017. Indeed, five of the top 10 most-exploited CVEs of 2021 were identified before 2020, the report said.
Unit 42 named Log4j as the No. 1 vulnerability to watch in 2022 and 2023, as the number of exploit detections continues to rise. U.S. and allied cyber authorities in April also listed the remote code execution Log4Shell vulnerability as the most routinely exploited vulnerability in 2021.
Almost 99% of all network vulnerabilities in 2021 were classified as medium severity or above, 18% of which were designated as critical.
Nearly 11% of those critical-severity vulnerabilities have public proof-of-concept availability, meaning threat actors have public access to knowledge on how to exploit the vulnerability, Unit 42 researchers said in the report.
Three-quarters of all remote code execution attacks, which remains the most common type of exploit, targeted critical vulnerabilities, the report said.
Most of the 262 million network exploit attempts in 2021 targeted high-severity vulnerabilities, which accounted for almost 40% of network vulnerabilities last year.