Cybersecurity is an important issue that everyone should pay attention to today. Research on this subject once again emphasizes the importance of keeping security programs up to date for organizations.
According to a report by Tenable, the most important cause of cyber attacks is the failure to apply previously released patches. The analyzed incidents revealed 2.29 billion records, covering 257 terabytes of data. The report shows that high severity issues in virtual private network solutions from Microsoft Exchange, Zoho ManageEngine products, and Fortinet, Citrix, and Pulse Secure are the most commonly used security vulnerabilities. Ransomware attacks continue to be the most common method of successful cyber attacks.
The report indicates a 33% decrease in the number of vulnerabilities exploited in ransomware attacks between 2021 and 2022. This decrease may suggest a reduced dependency of ransomware operations on new vulnerabilities. However, the report also notes that this decrease could have been caused by other factors, including less reporting of ransomware incidents.
The Known Exploited Vulnerabilities (KEV) catalog maintained by the US Cybersecurity and Infrastructure Security Agency (CISA) contains almost 900 security vulnerabilities. A report on the 557 CVEs added to the CVE list in 2022 provides valuable information about the discovered vulnerabilities. The security vulnerabilities, mostly effective for operating systems and IoT devices, do not provide information about the types of attacks used to exploit them. According to the VulnCheck report, it was revealed that 241 of the additions in 2022 were exploited by threat actors, 122 by ransomware groups, and 69 by botnets.
In conclusion, the importance of cybersecurity is increasing, and organizations need to update their security practices and apply patches.