"Attackers Have 'Favorite' Vulnerabilities to Exploit"

According to researchers from Palo Alto Networks, attackers play favorites when looking at which software vulnerabilities to target.  The researchers stated that nearly one in three, or 31%, of incidents analyzed by Unit 42 in its 2022 "Incident Response Report" resulted from attackers gaining access to the enterprise environment by exploiting a software vulnerability.  The researchers noted that Six CVE categories accounted for more than 87% of vulnerabilities being exploited: ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207), Log4j, ProxyLogon (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065), multiple vulnerabilities in SonicWall and Fortinet products, and a vulnerability in Zoho ManageEngine ADSelfService Plus (CVE-2021-40539).  The researchers also found that in 55% of incidents where they were able to identify the vulnerability, the attackers had targeted ProxyShell. Just 14% of those cases involved Log4j.  For the report, the researchers analyzed data from a sampling of over 600 incident response engagements between April 2021 and May 2022.  The researchers noted that while attackers continue to rely on older, unpatched vulnerabilities, many are also looking at new vulnerabilities.  The researchers stated that scanning for vulnerabilities is not difficult, so attackers begin scanning for systems with a newly disclosed vulnerability as soon as they learn about them.

Dark Reading reports: "Attackers Have 'Favorite' Vulnerabilities to Exploit"